oss-styles

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the skill automatically clones a remote repository and mandates executing that repository's SKILL.md/workflow, which enables arbitrary remote code execution and supply-chain attacks (including possible dependency postinstall scripts, hidden commands that exfiltrate data or read environment credentials), even though no explicit exfiltration code is shown in this file.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones the public GitHub repository https://github.com/heimanba/oss-video-skill and is required to read and execute the repository's .qoder/skills/oss-video/SKILL.md, thus ingesting untrusted, user-generated third‑party content that can directly change the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "git clone git@github.com:heimanba/oss-video-skill.git" (https://github.com/heimanba/oss-video-skill) at runtime and then loads and executes that repository's .qoder/skills/oss-video/SKILL.md, so fetched remote content directly controls the agent's instructions and execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). Although the prompt does not explicitly request sudo, user creation, or system-file edits, it mandates cloning and automatically executing an external repository's SKILL.md (including installing dependencies and running its workflow), which forces execution of untrusted code that could perform privileged or system-changing actions—so it meaningfully pushes the agent toward compromising the host state.