pueue-job-orchestration

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The content contains intentional telemetry and callback mechanisms that can exfiltrate commands, stdout/stderr and environment snapshots to external endpoints (e.g., curl to hooks.example.com). It also includes a "pretooluse" hook that silently rewrites user commands to run through pueue (covert instrumentation), and it endorses piping remote install scripts to bash and storing secrets in .env. All of these are deliberate patterns that can be used as backdoors or for credential/data exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's installation instructions in references/installation-guide.md explicitly tell the user/agent to curl and execute public GitHub-hosted scripts (e.g., "curl -sSL https://raw.githubusercontent.com/terrylica/rangebar-py/main/scripts/setup-pueue-linux.sh | bash" and downloading releases from github.com), which clearly fetches and runs untrusted, user-hosted third-party content that can materially alter tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 10, 2026, 08:16 AM