type4me-macos-voice-input

Fail

Audited by Snyk on Mar 27, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Two links are to legitimate services (OpenAI API and the ara.so site), but the GitHub repo and its release point to a user-hosted macOS DMG from an individual account (potentially unsigned/unvetted), which is a common vector for distributing malicious executables and therefore warrants caution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes an explicit security-bypass command (xattr -d com.apple.quarantine /Applications/Type4Me.app) and instructions to build/deploy an app into /Applications (potentially modifying system state), so it encourages bypassing macOS protections even though it doesn't ask to create users or explicitly call sudo.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 27, 2026, 04:23 AM
Issues: 2