se-dev-script
Fail
Audited by Snyk on Feb 26, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The package contains explicit remote-download-and-execute steps: Prepare.bat uses PowerShell to invoke a remote install script via iex and downloads a busybox binary. The package also creates filesystem junctions into user Steam and AppData folders and runs package installation (uv sync). Together these create a clear supply-chain / remote code execution vector, even though there is no explicit data-exfiltration routine in the codebase.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly indexes and searches user-provided Steam Workshop scripts (see index_scripts.py, which scans SteamScripts/ and actions/search.md), and Prepare.bat creates a junction to the Steam Workshop content folder (%steam%\steamapps\workshop\content\244850), so the agent will ingest and interpret arbitrary third-party (user-generated) code as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). High-confidence: Prepare.bat downloads and executes remote content at runtime. It runs PowerShell to fetch and execute the installer ("irm https://astral.sh/uv/install.ps1 | iex") and also downloads an executable from "https://frippery.org/files/busybox/busybox64u.exe" as part of the required one-time Prepare step, so remote content that is fetched and executed at runtime is a required dependency.