sky-sync

Fail

Audited by Snyk on Feb 26, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The URL is a GitHub repository owned by an unverified, unknown user, and the skill instructs the agent to clone it and execute a Python script from the clone. GitHub itself is a legitimate host, but the repository contents have not been vetted and could be malicious, so the URL should be treated as suspicious until the repository has been reviewed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly clones a public GitHub repository (https://github.com/arcniko/sky-kb.git) and runs its sync.py (SKILL.md steps 1–2). That ingests untrusted, user-maintained documentation from the open web, which the agent then reads and uses to drive reporting and actions, so the content could carry an indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill clones https://github.com/arcniko/sky-kb.git and then runs code from it at runtime (git clone ... followed by python3 ~/sky-kb/scripts/sync.py). Code fetched during execution is executed as-is, so the repository is a required external dependency whose contents cannot be verified before the skill runs.
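
As an added example (this is not Snyk's scanner and not code from the sky-sync skill), the following Python heuristic flags the clone-then-execute pattern that E005 and W012 describe: a `git clone` in the skill instructions followed by an interpreter running a file inside the clone. Only the repository URL and the script path come from the findings above; the sample SKILL.md text, the `TRUSTED_OWNERS` allow-list and the severity ladder are constructed assumptions for illustration.

```python
"""Flag clone-then-execute instructions in an agent skill's SKILL.md.

Added example, not the audit tool's own logic. Heuristic: every `git clone`
whose checkout directory is later passed to an interpreter is reported, and
the report notes whether the clone is pinned to a full commit hash and
whether the repository owner is on a reviewer-maintained allow-list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample SKILL.md. It mirrors the steps the audit describes but is
# not the real sky-sync file; only the repository URL and script path are real.
SAMPLE_SKILL_MD = """\
# sky-sync

1. Clone the knowledge base:
   git clone https://github.com/arcniko/sky-kb.git ~/sky-kb
2. Run the sync script:
   python3 ~/sky-kb/scripts/sync.py
3. Summarise the updated documents for the user.
"""

# Hypothetical allow-list of repository owners a reviewer has already vetted.
TRUSTED_OWNERS = {"python", "pypa"}

# `git clone [--opt [N]]... <url> [<dir>]`, with <dir> only on the same line.
CLONE_RE = re.compile(
    r"\bgit[ \t]+clone[ \t]+(?:--\S+(?:[ \t]+\d+)?[ \t]+)*(\S+)(?:[ \t]+(\S+))?")
# An interpreter invoked on a path; the path is what we test against the clone.
EXEC_RE = re.compile(r"\b(?:python3?|bash|sh|node|ruby|perl)[ \t]+(\S+)")
# A checkout of a full 40-hex commit hash pins the clone to an immutable tree.
PIN_RE = re.compile(
    r"\bgit[ \t]+(?:-C[ \t]+\S+[ \t]+)?checkout[ \t]+([0-9a-f]{40})\b")


@dataclass
class Finding:
    url: str        # repository the skill clones
    executed: str   # path inside the clone that the skill then runs
    pinned: bool    # a full-commit-hash checkout sits between clone and run
    trusted: bool   # repository owner is on the allow-list

    @property
    def severity(self) -> str:
        """Constructed severity ladder, not the audit tool's scoring."""
        if self.trusted and self.pinned:
            return "low"      # vetted owner and immutable revision
        if self.trusted or self.pinned:
            return "medium"   # one of the two controls is missing
        return "critical"     # arbitrary code from an unvetted, moving target


def _clone_dir(url: str, explicit: Optional[str]) -> str:
    """Directory git would create, or the explicit target if one was given."""
    if explicit:
        return explicit.rstrip("/")
    name = url.rstrip("/").rsplit("/", 1)[-1]
    return name[:-4] if name.endswith(".git") else name


def _inside(path: str, clone_dir: str) -> bool:
    """True if `path` points into the cloned tree (explicit dir or basename)."""
    base = clone_dir.rsplit("/", 1)[-1]
    return (path.startswith(clone_dir + "/") or path.startswith(base + "/")
            or f"/{base}/" in path)


def _owner(url: str) -> str:
    parts = urlparse(url).path.strip("/").split("/")
    return parts[0].lower() if parts and parts[0] else ""


def find_clone_and_exec(skill_md: str) -> list[Finding]:
    """Report every `git clone` whose checkout is later run by an interpreter."""
    findings: list[Finding] = []
    for clone in CLONE_RE.finditer(skill_md):
        url, target = clone.group(1), clone.group(2)
        clone_dir = _clone_dir(url, target)
        for run in EXEC_RE.finditer(skill_md, clone.end()):
            if not _inside(run.group(1), clone_dir):
                continue
            # Pinning only counts if it happens after the clone and before the run.
            pinned = PIN_RE.search(skill_md, clone.end(), run.start()) is not None
            findings.append(Finding(url=url, executed=run.group(1),
                                    pinned=pinned,
                                    trusted=_owner(url) in TRUSTED_OWNERS))
            break  # one finding per clone is enough for a report
    return findings


if __name__ == "__main__":
    for f in find_clone_and_exec(SAMPLE_SKILL_MD):
        print(f"{f.severity.upper()}: clones {f.url} and runs {f.executed} "
              f"(pinned={f.pinned}, trusted={f.trusted})")
```

On the constructed sample this reports a single critical finding for the arcniko repository: the clone is neither pinned nor from an allow-listed owner. Adding a `git -C ~/sky-kb checkout <full-sha>` step between the clone and the run downgrades it to medium, which is the minimum a reviewer should demand before approving a skill that executes fetched code; an owner allow-list is the second control.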

Audit Metadata

Risk Level: CRITICAL
Analyzed: Feb 26, 2026, 02:40 PM