xrepo-env

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly installs and activates packages from public repos (e.g., "xmake-repo" at https://github.com/xmake-io/xmake-repo) and even shows a CI example that curls and runs a remote install script ("curl -fsSL https://xmake.io/shget.text | bash"), meaning the agent will fetch and execute untrusted third-party content which can alter PATH/env and therefore influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The CI example shows running "curl -fsSL https://xmake.io/shget.text | bash", which fetches remote script content and pipes it to a shell at runtime, i.e., executing remote code — a high-risk external dependency.