agent-workflow

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Although claude.ai is the known Anthropic domain, the URL is a direct link to an executable shell script (install.sh) and the prompt instructs piping it to sh — a high-risk pattern for malware/supply-chain compromise unless you verify the script and source integrity first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Using MCP servers" section explicitly lists Firecrawl ("Web crawling | Data collection") and Playwright ("Control web browser"), indicating the agent is intended to fetch and analyze public web content (untrusted third-party sources) as part of its multi-agent workflows, which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Dockerfile in the skill contains "RUN curl -fsSL https://claude.ai/install.sh | sh", which fetches and executes remote code at build/run time and is included as a required setup step for the skill, so https://claude.ai/install.sh is a high-risk runtime external dependency.