amq-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub shell install script from an individual/unknown repository (raw .sh served for piping into bash); such scripts can execute arbitrary code and should be treated as suspicious until you review the repo and the script contents and verify the author.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs fetching and running an installer from raw.githubusercontent.com (curl ... | bash) and, more importantly, requires the agent to read and act on incoming AMQ messages (amq drain/read/watch, cross-project/swarm messages and integration bridges) which are user-generated/untrusted content that can directly influence routing, decisions, and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisites instruct running curl -fsSL https://raw.githubusercontent.com/avivsinai/agent-message-queue/main/scripts/install.sh | bash to install the required amq binary, which fetches and executes remote code at runtime and is a required dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill encourages running a remote install (curl | bash) and explicitly demonstrates dangerous flags like --dangerously-skip-permissions and --dangerously-bypass-approvals-and-sandbox that instruct bypassing security/sandboxing (while it doesn't directly request sudo or user creation), so it promotes actions that can compromise the host state.