scripting-bash

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes examples and CI snippets that fetch and execute public third‑party content (e.g., timeout 30s curl -fsSL "$url", bash <(curl -s https://codecov.io/bash), git clone https://github.com/..., docker pull, and other curl/git installs), so the agent using these workflows would ingest and run untrusted external content that could deliver indirect prompt injection.