codex-env-setup

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs executing remote install scripts at runtime (e.g., "curl -LsSf ... | sh" on macOS/Linux and "powershell iex script" on Windows) to install the required "uv" tool, which fetches and directly executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.85). 這個技能指示安裝系統層級軟體（如 Node.js、uv）並包含使用包管理器與 curl | sh/PowerShell iex 的安裝腳本，會修改系統檔案且可能需要提升權限，屬於會改變機器狀態的操作。