script

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes and ingests untrusted user-generated Instagram content (via Apify's apify/instagram-scraper and yt-dlp/whisper) as described in SKILL.md Phases 3–5 and hooks.md, and then directly reads and uses those transcripts/hooks to calibrate voice, build the hooks database, and drive script generation and automated cron actions, meaning third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and executes remote code at setup/runtime (e.g., running npx -y @anthropic-ai/apify-mcp-server@latest to provision Apify MCP and installing packages/scripts such as git+https://github.com/openai/whisper.git, git clone https://github.com/tenfoldmarc/script-skill.git, and /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"), which are required or gate-critical and will execute remote code that can control scraping and agent behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to install system packages (including explicit sudo apt install commands), run remote install scripts (Homebrew via curl), and create cron/launch-agent jobs—actions that modify system state and may require or encourage elevated privileges.