configure-web-session

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs downloading and executing installers from public third-party hosts (see Step 3 listing raw.githubusercontent.com, releases.hashicorp.com, github releases, pypi.org) and Step 4's install_pkgs.sh which fetches and runs those remote artifacts, so it consumes and acts on untrusted external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's install script explicitly downloads and runs remote installers/binaries at runtime (e.g., the Helm installer from https://raw.githubusercontent.com and release artifacts from releases.hashicorp.com / github.com), so it fetches and executes remote code as a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs creating/updating files and a SessionStart hook that installs system-level tooling (downloads binaries to /usr/local/bin and may run apt), which modifies the machine's state and can require elevated privileges, so it poses a high risk of compromising the host.