create-beads-orchestration

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are personal GitHub repositories that the prompt tells you to clone and run a bootstrap.py which can execute arbitrary installs and scripts—so unless you audit the code, this is potentially high-risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly clones a public GitHub repo (git clone https://github.com/AvivK5498/Claude-Code-Beads-Orchestration in Step 2.1) and the discovery step "Fetch specialist agents from external directory" pulls and installs agent templates from external public sources, meaning the agent will ingest and execute untrusted, user-authored third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill conditionally runs a runtime git clone of and then executes code from https://github.com/AvivK5498/Claude-Code-Beads-Orchestration (bootstrap.py), so fetched remote content can execute code and directly control agent behavior.