omu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's install/setup and plan-gate workflows explicitly fetch and execute third-party resources (e.g., scripts/install.sh uses curl -fsSL https://plannotator.ai/install.sh | bash and setup-claude.sh directs plugin installs from GitHub), and the installed plannotator/plugins and their outputs are used to gate plan approval and subsequent agent actions, so untrusted external content can influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installer script (scripts/install.sh) invokes a runtime curl pipe to execute remote code from https://plannotator.ai/install.sh (curl -fsSL https://plannotator.ai/install.sh | bash) to install "plannotator", which is a required tool for the mandatory PLAN gate, so remote content is fetched and executed at runtime.