setup-wsl-dev-environment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow includes fetching and executing public third-party install scripts (e.g., Step 6: "curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/... | bash" and Step 7: "curl https://pyenv.run | bash"), which ingests untrusted external content that can materially change subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs shell install commands that fetch-and-execute remote scripts at runtime (curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash and curl https://pyenv.run | bash), which directly execute remote code and are required for the Node.js/pyenv install steps.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt directs running elevated actions (PowerShell Administrator wsl --install, multiple sudo apt installs/upgrades, and editing system files like /etc/wsl.conf or Windows features), which modify system-wide state and require privileged access.