5dive-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly long-polls and ingests unsolicited Telegram/Discord inbound messages as part of its workflow (see "Pair a Telegram channel" / telegram-discover and the "Channels are the inbound message surface" sections in SKILL.md), meaning arbitrary third‑party user-generated content can be read and acted on by agents.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill auto-installs skills from an owner/repo spec (e.g. the default "5dive-com/skills" owner/repo via --with-skills) at agent-create time, which means the CLI fetches remote repository content into ~/.claude/skills/ at runtime and those installed skills can contain code or prompt instructions that directly control agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to run sudo 5dive commands that create Linux users, manage systemd services, modify host auth/accounts, and perform repairs (apt installs), which directly modifies and can compromise the machine state.