Missing User Warnings
Medium
- Confidence
- 98% confidence
- Finding
- The quick-start documentation instructs users to execute a remote script directly with `curl ... | bash`, which removes the opportunity to inspect the downloaded code before execution. In a skill for an autonomous agent framework with terminal access, this is especially dangerous because users may copy it verbatim and the fetched script could be modified upstream, intercepted in a compromised environment, or simply contain unintended destructive behavior.
