se-dev-script

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly indexes and searches user-generated Steam Workshop scripts (see index_scripts.py and actions/search.md) and Prepare.bat links SteamScripts to the workshop content folder (%STEAMAPPS%/workshop/content/244850), so the agent ingests and reads untrusted third‑party script files as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). Prepare.bat (run at skill runtime as part of the required prepare action) fetches and executes remote code — it runs PowerShell to download-and-run https://astral.sh/uv/install.ps1 via "irm ... | iex" and also downloads busybox from https://frippery.org/files/busybox/busybox64u.exe, so these URLs execute remote code and are required for the skill.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 10:19 PM
Issues: 2