volcengine-deploy

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly clones user-provided Git URLs at runtime (git clone of inputs matching ^(https?|git@) — e.g. https://... or git@github.com:org/repo.git) and also pulls deployment artifacts via presigned HTTPS URLs (tosutil presign → curl), both of which fetch remote code/artifacts that are built and executed as part of the deploy flow, so these runtime external URLs can directly control executed code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs writing system-level files (e.g., /opt//.env) and managing systemd services for ECS, which are operations that modify system files and typically require elevated (sudo) privileges, so it can alter the host machine's state.