raycast-alfred

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and renders untrusted, user-generated web content—e.g., src/search-github.tsx and alfred-github-search.py call the public GitHub API to display repository metadata, and src/api-tester.tsx lets users request arbitrary URLs and shows the response body—so the agent will read/interpret third‑party content that could contain injected instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes AppleScript that executes privileged shell commands ("with administrator privileges" to run sudo dscacheutil and killall) and other scripts that modify system settings or kill processes, which pushes the agent to request elevation and change the machine state.