claude-code-local-mlx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's installation and runtime steps explicitly download and load community-hosted models and code from public third-party sources (e.g., "The server will: 1. Download the model from HuggingFace" and the huggingface-cli/git clone commands in SKILL.md), meaning untrusted external model/content is ingested and will directly influence the agent's behavior and tool use, creating a clear vector for indirect prompt-injection or supply-chain manipulation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill includes explicit sudo usage (sudo powermetrics) and advises operations that may modify system locations or require elevated privileges (Homebrew installer, linking into /usr/local/bin, listening on 0.0.0.0), but it does not instruct creating users, editing system service files, or actively bypassing security mechanisms.