questdb-tsbs-benchmark
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime fetch-and-execute operations from external URLs — notably downloading and extracting Go from https://go.dev/dl/go1.22.5.linux-amd64.tar.gz and cloning https://github.com/questdb/tsbs.git (and also adds the Docker apt repo/gpg at https://download.docker.com/linux/ubuntu and https://download.docker.com/linux/ubuntu/gpg) which are required to build/run the benchmark and therefore execute remote code at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running privileged commands (multiple sudo apt-get installs, writing to /etc/apt/keyrings, removing/installing to /usr/local, sudo docker run/rm), which modify system files and require elevated privileges, so it pushes the agent to perform state‑changing privileged operations.