easy-brainstorming
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs running npx to install/update external code (e.g., "npx skills install roin-orca/skills --skill find-skills" and "npx skills update easy-brainstorming"), so the external repository "roin-orca/skills" is fetched and executed at runtime and can change prompts/instructions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs running shell commands that install/update global npm packages (npx ... -g, npx skills install/update), which modify the host system state and can change or add software on the machine.