Missing User Warnings
Medium
- Confidence
- 93% confidence
- Finding
- The skill instructs execution of remote install scripts via `curl ... | bash` and PowerShell `iex`, which are high-risk patterns because they run network-fetched code directly on the host without integrity verification. Even though framed as first-time setup, this can lead to arbitrary code execution if the remote source, transport, or distribution path is compromised, and the skill does not prominently warn about the system-level impact.
