fabro-workflow-factory

Fail

Audited by Snyk on Mar 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Most links point to documentation and a GitHub repo (low risk), but the direct shell installer (https://fabro.sh/install.sh) and the curl|bash-style install instructions from a non-OS-vendor domain represent a high-risk distribution vector if the domain or script is untrusted. Localhost endpoints are local and not externally malicious.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes installation commands that fetch and execute remote content at runtime—specifically curl -fsSL https://fabro.sh/install.sh | bash (executes remote code) and curl -fsSL https://fabro.sh/install.md | claude (feeds fetched content directly as agent prompts)—so these URLs are high-risk runtime dependencies.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 19, 2026, 07:50 AM
  • Issues: 2