cortex-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning and running the public GitHub repo (https://github.com/Snowflake-Labs/snowflake-ai-kit) in Steps 3a/3b, which fetches and executes untrusted third-party installer scripts that can materially alter subsequent tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs at runtime to run "git clone https://github.com/Snowflake-Labs/snowflake-ai-kit.git" and then execute "bash snowflake-ai-kit/install.sh", which fetches remote code and runs an installer the skill relies on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill directs the agent to run repository installers (clone + install.sh / install.ps1) that modify system state and explicitly uses PowerShell "-ExecutionPolicy Bypass", which is a security-bypass instruction, so it encourages compromising the machine state.