boxlang-runtime-commandbox

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's install instructions run a remote installer at runtime via "curl -fsSl https://downloads.ortussolutions.com/commandbox-cli-install | bash", which fetches and directly executes remote code and is presented as a required installation step.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit privileged installation steps (e.g., sudo apt-key add, sudo apt-get install, curl|bash installer), advises modifying system locations like /var/www and OS service/SSL integration, which instructs the agent to perform actions that change the host system state and require elevated privileges.