git-teacher-setup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Linux install step fetches a remote key and apt repository from https://cli.github.com/packages (wget ... https://cli.github.com/packages/githubcli-archive-keyring.gpg and adding deb https://cli.github.com/packages) and then runs sudo apt install gh -y, which downloads and installs/executes remote code at runtime and is required for the skill to operate.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run privileged system commands (multiple sudo installs and writing to /etc/apt/*), modify global git config and system package sources, and create/push repos — all actions that change machine/system state and require elevated privileges.