hearth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SCAN→PLAN→CRAFT→APPLY in AUTORUN) and dotfile management guidance explicitly instruct cloning and running arbitrary public repositories and bootstrap scripts (e.g., references/dotfile-management.md shows "yadm clone " and the bootstrap curl/git-clone examples; references/editor-configs.md shows lazy.nvim git clone), so the agent will fetch and act on untrusted third‑party content that can contain executable instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains bootstrap snippets that fetch-and-execute remote scripts at runtime — for example /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" — which downloads and runs remote code as part of the bootstrap flow.