py-modernize

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This URL points to a raw install.sh script on a third‑party domain (astral.sh) — running or piping such a remote shell script executes arbitrary code and is therefore high risk unless you verify the script's content and provenance (even if it appears to be an official project site).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt explicitly recommends installing a system package globally (including a sudo zypper install command and a curl | sh installer), which encourages the agent to perform privileged system-level changes even though most other actions are project-local.