hetzner-infra

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start installs and extracts a remote binary at https://github.com/hetznercloud/cli/releases/latest/download/hcloud-linux-amd64.tar.gz via "curl ... | tar xz", which fetches and executes remote code at runtime and is a required dependency for the skill's hcloud-based provisioning.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running a privileged command (sudo mv hcloud /usr/local/bin/) which requires sudo and modifies the system filesystem, so it encourages privilege escalation and local state changes.