god-tibo-imagen

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links point to third‑party GitHub repos and npm/pip packages from unvetted/low‑profile authors that instruct reuse of a local credential file (~/.codex/auth.json) and installing/running code from npm/pip/GitHub can execute arbitrary scripts, so they are potentially risky even if not overtly malicious.