autonomous-loops

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The URL is a direct raw GitHub link to an install.sh shell script (commonly used with curl | bash); while hosted on GitHub by a known author, any remote .sh run directly is high-risk because it grants arbitrary code execution and can be used to distribute malware unless you inspect and fully trust the repository and contents first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Continuous Claude" CI failure recovery workflow explicitly instructs the agent to fetch and inspect CI run data via GitHub CLI commands (e.g., "gh run list" / "gh run view") and then spawn new claude passes to fix failures, meaning the agent consumes user-generated third-party CI/log output which can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes an installation step that runs remote shell script via curl and pipe to bash (https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh), which fetches and executes external code at runtime and is presented as the required installer for the "continuous-claude" loop.