ios-ettrace-performance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs fetching third-party code (e.g., "brew install emergetools/homebrew-tap/ettrace" and a git clone of https://github.com/EmergeTools/ETTrace) and then building/using that upstream ETTrace runner whose outputs the skill consumes and analyzes, so untrusted external content can materially influence tool behavior and downstream decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs runtime install/build steps that fetch and execute remote code—e.g., "git clone --depth 1 --branch "$ETTRACE_TAG" https://github.com/EmergeTools/ETTrace" (and a Homebrew install of emergetools/homebrew-tap/ettrace)—which downloads upstream code that is built/linked and executed in the instrumented app and runner, meeting the criteria for a runtime external dependency that executes remote code.