dependency-manager

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — these are suspicious: astral.sh provides a direct .sh installer (curl | sh) from an unverified domain which is high-risk, and custom-index.com is an unknown custom package index that could host or serve malicious Python packages.