bmad-idea

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The URL points to an unvetted GitHub repository by an unknown user and the installation command (via npx/skills) would fetch and execute code from that repo, so while it’s not a direct .exe download it is potentially dangerous unless the repo’s authenticity, popularity, and install scripts are verified.