xget

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches live README and platform data from public URLs (scripts/xget.mjs uses DEFAULT_SOURCE_URL https://raw.gitcode.com/xixu-me/xget/raw/main/src/config/platform-catalog.js and DEFAULT_README_URL https://raw.gitcode.com/xixu-me/xget/raw/main/README.md), and SKILL.md requires using node scripts/xget.mjs to pull and apply that live guidance — which the agent reads and uses to make conversion/execute decisions, so untrusted upstream content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime Node script fetches external content from https://raw.gitcode.com/xixu-me/xget/raw/main/src/config/platform-catalog.js and https://raw.gitcode.com/xixu-me/xget/raw/main/README.md (used by default) and the fetched README/platform catalog are parsed and used to drive converted URLs and live “Use Cases” guidance that the agent is instructed to apply and execute, so remote content can directly influence prompts and executed actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly defaults to executing commands and editing real files (including setting persistent environment variables and performing deployments), which pushes the agent to modify the machine state and could lead to privileged or system-level changes even though it doesn't explicitly request sudo, service edits, or user creation.