qclaw-env
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow explicitly runs network checks and fetches/parses public third‑party resources (e.g., curl/Invoke-WebRequest checks to https://github.com and https://raw.githubusercontent.com, querying https://api.github.com to set SHERPA_VERSION, and inspecting npm/PyPI registries) and uses those results to choose mirrors, versions, and installation actions, which exposes the agent to untrusted user‑generated web content that can influence its decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs remote install scripts at runtime (e.g., /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"), which fetches and executes external code and is relied on as a required installation dependency, so this URL is a high-confidence runtime risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly instructs the agent to detect and use sudo, run system installers (e.g., softwareupdate, sudo installer -pkg), install/modify package managers and global runtimes, and change environment/PATH — all actions that alter the host system and can require elevated privileges.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.