run-llms
Fail
Audited by Snyk on Apr 3, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.75). The GitHub and HuggingFace links point to common developer and model hosting sites (lower risk), but the av.codes get-harbor.sh is a direct shell script from a personal domain (used in a "curl | bash" install) which is a high-risk pattern that can deliver arbitrary malicious code, so overall this set is suspicious.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and runs models and configs from public user-provided sources (e.g., "harbor pull hf.co/...", "harbor pull " and "harbor profile use "), meaning untrusted HuggingFace/registry repos and arbitrary URLs are ingested and can materially change model behavior or tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs running "curl https://av.codes/get-harbor.sh | bash" to install Harbor at runtime, which fetches and immediately executes remote code and is a required dependency for the skill.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit sudo commands (e.g. apt-get install, sudo usermod -aG docker $USER), system-level installs (Docker, NVIDIA toolkit), and commands that change service/config state, so it directs actions that modify the machine and require elevated privileges.
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.