apple-containers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly downloads and runs public third‑party scripts and content (e.g., curl https://tailscale.com/install.sh and curl https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh and cloning GitHub repos) which are untrusted/user‑generated and can change runtime behavior and tooling.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs and requires remote install scripts at runtime—specifically "curl -fsSL https://tailscale.com/install.sh | sh" and "curl -fsSL https://raw.githubusercontent.com/kylelundstedt/dotfiles/master/install.sh | bash"—which fetch and execute external code necessary for operation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs creating a new user and writing a passwordless sudoers file (modifying /etc/sudoers.d), installing packages and starting privileged daemons inside the container—actions that modify system state and grant elevated privileges.