161-java-profiling-detect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's interactive profiling script (download_profiler in the profiler/scripts/profile-java-process.sh template) explicitly downloads async-profiler from a public GitHub releases URL (https://github.com/async-profiler/async-profiler/releases/...) and then runs tools from that downloaded package, meaning it fetches and executes untrusted third‑party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill downloads and executes async-profiler at runtime from the GitHub releases URL (e.g. https://github.com/async-profiler/async-profiler/releases/download/v$version/$filename), which is fetched with curl/wget, extracted, and its binaries (current/bin/asprof, jfrconv, etc.) are run—meaning remote code is fetched and executed as a required dependency.