caddy
Warn
Audited by Snyk on Mar 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The setup includes curl commands that fetch and install packages from https://dl.cloudsmith.io/public/caddy/stable/gpg.key and https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt which are used during installation to add an external repository and then apt install caddy, thereby fetching and executing remote code that the skill relies on.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit privileged setup commands (sudo apt install, sudo tee to /etc/apt/sources.list.d, writing keys to /usr/share/keyrings, installing system services and running daemons) and instructs modifying system-wide configuration and files, which requires elevated privileges and thus pressures the agent to change the machine's state.
Issues (2)
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W013: Attempt to modify system services in skill instructions.