hcom-agent-messaging
Fail
Audited by Snyk on Apr 11, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). The flagged URLs point to an individual GitHub repo and a direct download of an installer shell script (the exact curl | sh pattern shown in the prompt); piping an unverified remote .sh from a personal/unfamiliar GitHub account is a common malware vector and therefore suspicious.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill intentionally exposes multiple backdoor-like and exfiltration-capable features — terminal/PTY injection, headless agent spawning, reading/transmitting full transcripts and file contents (including via --file/--base64 and --from impersonation), cross-device relay to public/remote brokers, explicit sandbox-bypass modes ("danger-full-access" / auto-approve / OPENCODE_PERMISSION), and a curl|sh installer — which together enable remote code execution, credential/data exfiltration, impersonation, and supply-chain risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required setup step instructs running a curl from a public GitHub URL ("curl -fsSL https://github.com/aannoo/hcom/releases/latest/download/hcom-installer.sh | sh"), which fetches and executes untrusted third‑party content and can directly influence agent tooling and behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs at runtime to run a remote installer via curl and pipe to sh (https://github.com/aannoo/hcom/releases/latest/download/hcom-installer.sh), which fetches and executes remote code and is presented as the required install path for hcom, so it is a high-confidence runtime external dependency that executes remote code.
Issues (4)
- E005 CRITICAL: Suspicious download URL detected in skill instructions.
- E006 CRITICAL: Malicious code pattern detected in skill scripts.
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata