cli-design

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.85). The content contains no explicit payloads or credential-stealing code, but it mandates automatically fetching, running, and trusting externally-hosted rule tooling (compose-agentsmd -> github:metyatech/agent-rules@HEAD / npm global installs), auto-regenerating and auto-staging AGENTS.md, and CI/pre-commit enforcement — a high-risk supply-chain/backdoor pattern that can enable remote rule/code injection and repository changes without per-change human review.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires running compose-agentsmd which fetches rules from the external repository github:metyatech/agent-rules@HEAD at runtime, and those fetched rules directly control agent prompts/behavior (AGENTS.md), so this is a runtime external dependency that governs instructions.

Issues (2)

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 9, 2026, 07:22 AM
Issues: 2