ue5-editor-control

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The GitHub repo originates from an unknown/numeric account and the skill instructs running install scripts or fetching prebuilt binaries (a common malware distribution vector), making the download source potentially unsafe; the localhost endpoints themselves are local service endpoints (not external downloads) but could execute code if a malicious plugin is installed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's auto-setup explicitly fetches code/releases from GitHub (e.g., the git clone in the README and the scripts/install.sh calls to https://api.github.com/... to choose and download release assets), so it ingests untrusted public third‑party content as part of its installation workflow.