perl-cpan-ecosystem

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime command "curl -L https://cpanmin.us | perl - --self-upgrade" which fetches and immediately executes remote code to install cpanm (a tool the skill relies on for its workflows), so https://cpanmin.us is a high-confidence risky external URL.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly includes sudo installation commands (e.g., "sudo apt install ...") and instructions to install system-wide packages and headers, which direct obtaining root privileges and modifying system state, even though it doesn't instruct creating users or altering critical system configs.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 02:02 PM