loom-istio

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation step runs "curl -L https://istio.io/downloadIstio | sh -" which fetches and pipes remote code to a shell at runtime (executing remote code) and is presented as the required way to obtain istioctl.