cafe3310-skill-installer

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs point to an unknown GitHub user/repo that explicitly instructs cloning and executing an install.sh script—GitHub is legitimate but running arbitrary shell scripts from an untrusted/low‑visibility account without reviewing them poses a moderate-to-high risk of malware or unwanted actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs an Agent to fetch and follow instructions from the public GitHub repository (https://github.com/cafe3310/public-agent-skills) and the raw SKILL.md (https://raw.githubusercontent.com/...), causing the agent to ingest and act on open, third‑party content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). Flagged because the skill explicitly instructs the agent at runtime to fetch/clone https://github.com/cafe3310/public-agent-skills.git (and to read the raw file at https://raw.githubusercontent.com/cafe3310/public-agent-skills/main/skills/cafe3310-skill-installer/SKILL.md) and then run the repository's install.sh, meaning remote content is fetched during runtime and executed/controls agent instructions.