enable-quality-gate

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The GitHub repository (github.com/bitsoex/ai-code-instructions.git) appears low-risk as a code repository on a trusted host. However, mise.run is an unfamiliar domain, and the prompt tells users to install from it via "curl https://mise.run | sh". This is a high-risk pattern (remote shell script execution) that could be used to distribute malware, so overall this pair is moderately to highly suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required configuration and examples explicitly import and download packages from public GitHub releases (e.g., the amends/import lines like "package://github.com/jdx/hk/releases/download/v1.36.0/...#/Builtins.pkl" and the pkl download-package example), which causes the workflow to fetch and execute untrusted, user-hosted content that can influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime installation command that pipes remote code to a shell ("curl https://mise.run | sh"). The command fetches and executes external code and is presented as a required dependency for the skill (mise), which makes it a high-risk runtime external dependency.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 3, 2026, 07:40 AM