github-sandbox-file-downloader

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). The list contains multiple direct-download artifacts (binaries, .bin, .tar.gz, .zip) hosted on unverified/generic domains (example.com) and a GitHub release asset from an unspecified owner—common vectors for malware—so the sources are suspicious unless you can verify provenance and signatures.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the GitHub Actions workflow parses commit messages for "download:"/ "download-zip:" and uses curl/wget to fetch arbitrary public URLs (e.g., "What It Does" and "How the Workflow Works") and save them into downloads/, which clearly ingests untrusted third-party web content provided via commit messages.