fdk-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SKILL.md and the commands/*.md Task prompts, e.g., Operation 1 / commands/fdk-install.md and cross-scenarios) instruct shell subagents to fetch and execute remote resources (curl the nvm install script from raw.githubusercontent.com, npm install https://cdn.freshdev.io/fdk/latest.tgz, brew/choco installs, etc.), which are public third‑party assets that the agent downloads/executes and whose contents can materially change tool behavior and follow‑up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's shell subagent prompts explicitly fetch and execute remote code at runtime — for example "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash" and "npm install https://cdn.freshdev.io/fdk/latest.tgz -g" — which are runtime dependencies that download and run external code required for the operations.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to perform global installs/uninstalls, remove directories and binaries (e.g., rm -rf ~/.fdk, rm -f /usr/local/bin/fdk), and modify shell configuration files, which directly change the machine's state and may affect system-level artifacts—so it actively pushes state-changing, potentially privileged operations.