macos-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and packages.md explicitly include commands that fetch and execute public web content (e.g., curl --connect-timeout checks to https://github.com and https://raw.githubusercontent.com, and install lines like curl -fsSL https://claude.ai/install.sh | bash and curl https://sh.rustup.rs | sh), which are untrusted third‑party sources that the workflow expects to run and which can materially change agent/tool behavior.