codeindex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's management.md explicitly recommends installing via a curl command that fetches and pipes a script from raw.githubusercontent.com (curl -fsSL https://raw.githubusercontent.com/QuinsZouls/code-index/master/install.sh | bash), and SKILL.md instructs the agent to handle installation automatically if the tool is missing, which means the agent may fetch and execute public, third-party code that could alter behavior.