debugging-code

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). These point to a personal GitHub repo and a raw install.sh URL — running the curl|bash installer would execute arbitrary code from an account of unclear reputation, a high‑risk pattern unless you inspect and verify the script and maintainer.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill mandates installing dap at runtime via a curl-into-bash command that fetches and executes remote code from https://raw.githubusercontent.com/AlmogBaku/debug-skill/master/install.sh, making it a required external dependency that runs remote code.