media-processing

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime scripts install and invoke the RMBG tool (e.g., "npm install -g rmbg-cli") and the docs/reference show the RMBG repo (https://github.com/mrgoonie/rmbg) and an explicit model download example (https://unpkg.com/@rmbg/model-modnet/modnet-256.onnx), which means remote packages/models are fetched and executed at runtime as required dependencies.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill includes explicit installation commands using sudo (and global npm installs) and in-place file-modifying tools, which instruct the agent to perform privileged system changes and modify host state.