macos-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill asks the user for a proxy URL and then echoes and embeds that value verbatim into generated commands/configuration lines (exports and git proxy settings), which requires the LLM to handle and output a potentially sensitive secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and executes content from public third-party sites (e.g., curl checks to https://github.com and https://www.google.com, git clones from GitHub, and the explicit installer command "curl -fsSL https://claude.ai/install.sh | bash" plus rustup/sdkman curl installers), so it clearly ingests untrusted external content as part of its setup workflow.