aflpp

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to curl and download a raw header from GitHub (https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/stable/utils/argv_fuzzing/argv-fuzz-inl.h), which pulls remote source code that is then compiled/linked into and executed by the fuzz target, so it is a required runtime fetch of remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running root-only scripts (afl-system-config, afl-persistent-config), using --privileged Docker with host mounts, and disabling kernel security mitigations via update-grub/reboot, all of which require sudo or modify system security settings and thus compromise the machine state.