github-actions

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The SKILL explicitly instructs running remote code via curl | sudo bash from https://raw.githubusercontent.com/nektos/act/master/install.sh (installs act), which fetches and executes a script at setup/runtime and thus is a high-confidence risky external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes explicit commands that use sudo (e.g., "curl ... | sudo bash" to install act) which push the agent to perform privileged operations on the host, so it can compromise the machine state.