exe-dev

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). localhost:8000 is a local development endpoint (not an external download source) but vmname.exe.xyz is an untrusted/custom VM hosting domain that can serve arbitrary binaries/ports and is not a known official vendor, so it could be used to distribute malware and should be treated as potentially risky.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted third-party content because it documents accessing public exe.dev VM endpoints (e.g., https://.exe.xyz:9999/ for the Shelley agent) and explicitly states that Shelley reads VM-hosted files like ~/.config/shelley/AGENTS.md (references/exe-dev-vm-service.md), which can contain user-provided instructions that would influence agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill directly instructs creating and managing persistent VMs (create VMs, change ports, make public) and explicitly includes adding users via SSH (e.g., "ssh exe.dev share add "), which modifies machine state and can create accounts or change access, so it should be flagged.