libvips-image

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Two direct installer scripts (install.sh and install.ps1) hosted on astral.sh and encouraged to be executed via curl|sh or irm|iex are riskier because they allow remote code execution from a third‑party domain, while the GitHub libvips/releases page is an official, low‑risk source — together this makes the overall bundle moderately high risk.