python-uv

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The EC2 deploy script runs a runtime command that pipes remote shell code into the shell ("curl -LsSf https://astral.sh/uv/install.sh | sh"), which fetches and executes external code to install uv and is relied on by the deployment workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes instructions to write/modify a systemd unit under /etc/systemd/system and explicitly runs "sudo systemctl restart myapp" (and other deploy steps), which require elevated privileges and modify system state.