cli-anything-iterm2
Warn
Audited by Snyk on Apr 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly reads live terminal output (e.g., `cli-anything-iterm2 --json app snapshot`, `--json session screen`, and `--json session scrollback` in SKILL.md and references/session-io.md), so the agent will ingest and act on arbitrary/untrusted content produced in terminals (which can include content fetched from public websites) and that content can materially influence subsequent commands.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires running a remote install command that fetches and executes code (`curl -L https://iterm2.com/shell_integration/install_shell_integration.sh | bash`), which installs shell integration used to provide prompt-related features, so the URL directly delivers and executes remote code relied on by the skill.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).