deployment

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes running a remote installer that is piped to a shell (curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash) and a deploy script that pulls a git repository (git@github.com:username/repo.git) at runtime—both fetch external code that will be executed as part of deployment.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs creating a system user, running multiple sudo commands, modifying system files (e.g., /etc/nginx/*), and managing services, so it directs actions that change machine state and require elevated privileges.