apisix-dev

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs cloning https://github.com/apache/apisix.git at runtime and sourcing scripts from the clone (e.g., git clone ... then . ./ci/common.sh and . ./ci/linux_openresty_common_runner.sh), so remote code is fetched and then executed. This makes the repository a runtime external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs running CI install scripts that install system packages and OpenResty (modifying system state) and explicitly recommends using sudo (e.g., "sudo -E ..."), which pushes the agent to perform privileged system changes.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:40 AM