commandbox-task-runners

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The URL is a direct .zip download served from an untrusted/unknown host (example.com is not an official vendor), and archives from non-official sources can contain executables or password-protected malware, so it is suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow documentation explicitly shows running shell/git commands that pull remote repositories (e.g., "command( "!git pull origin main" ).run();" in "Running Commands from Tasks") and downloading arbitrary URLs (e.g., progressable.download("https://example.com/package.zip") in "Downloading Files"), which clearly allows ingesting untrusted public third‑party content that could influence subsequent tool execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs running arbitrary shell/OS commands, deleting and writing files, downloading and loading modules/JARs, and registering/activating modules (e.g., shell(), command("!...").run(), directoryDelete("/tmp/build", true), property.store(), moduleService.registerAndActivateModule), which modify the host filesystem and runtime state even though it doesn't request sudo or create users.