cli-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's installers clearly fetch and execute content from public third-party sources (e.g., scripts/installers/github_release_binary.sh uses curl to resolve and download GitHub release assets, scripts/installers/github_clone.sh clones GitHub repositories, and scripts/install_composer.sh downloads composer.phar from getcomposer.org), and that fetched, untrusted content is consumed and run as part of the install/update workflows and can therefore change the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The installer script scripts/install_composer.sh fetches and runs remote code at runtime from https://getcomposer.org/download/latest-stable/composer.phar (downloaded to a temp file and executed/installed), so the skill fetches and executes external content as part of its required composer installation flow.