spidey

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This URL points to an individual GitHub repository that the skill instructs you to clone and run an install.sh from — while GitHub itself is legitimate, executing scripts from an unverified personal repo carries a substantial risk of arbitrary/malicious code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs the agent to perform system-level changes (e.g., cloning/running install.sh and explicitly using "sudo apt install" for dependencies), which ask the agent to run privileged package-install and arbitrary install scripts that can modify the host system.