Consider removing the auto-update profile by default.

[dotnvo]

https://github.com/ChrisTitusTech/powershell-profile/blob/main/Microsoft.PowerShell_profile.ps1#L54-L80

Perhaps I'm off-base here, but when reading your profile I came across something that I thought was pretty awesome at first - but then I started thinking about how it might be abused.

I'm referring to the auto-update of the profile; While I definitely can see the value in automatically grabbing a new updated profile and installing it behind the scenes, there's security implications in this process, not to mention just general concerns that some users may not understand. This is a pretty solid profile - built on oh my posh so, so I imagine it's pretty popular. Unfortunately, this means if you were targeted in a hack and someone took over your GitHub account, they could easily distribute malicious code via this profile and simply launching PowerShell would potentially load this code on end user systems. Just something to consider. I know you provide steps on how to make it your own but in my experience some people may just install the default and not change it.

[PMC]

I agree, there is even an update command so why doing the check everytime you run a shell. it even spams you every time now :(

WARNING: Profile update skipped. Last update check was within the last 7 day(s). WARNING: PowerShell update skipped. Last update check was within the last 7 day(s). Use 'Show-Help' to display help Loading personal and system profiles took 3267ms.

[tpsteiner]

+1. Also please add a comment on how to remove everything if the user doesn't like it. I'm trying to figure that out now. I assumed there would be a new Task Scheduler task, and I can't figure out how this is updating automatically.