linux-perf

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow tells the user to run git clone https://github.com/brendangregg/FlameGraph and then execute its scripts (./FlameGraph/stackcollapse-perf.pl and ./FlameGraph/flamegraph.pl), which fetches and run remote code at runtime and is treated as a required dependency for flamegraph generation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running sudo commands, installing packages, and changing kernel security settings and persistent sysctl files (e.g., lowering perf_event_paranoid, writing /etc/sysctl.d, echo 0 > /proc/sys/kernel/kptr_restrict), which modify system state and bypass security controls.