Missing User Warnings
Medium
- Confidence: 98% confidence
- Finding: The skill instructs users to install software by piping a remotely fetched script directly into a shell (`curl ... | bash` and `irm ... | iex`). This bypasses basic review and integrity checks, so a compromised download endpoint, DNS, CDN, or upstream release process could lead to immediate arbitrary code execution on the user's machine.
