wren-sql

Fail

Audited by Snyk on Mar 20, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The links point to raw GitHub content, including an install.sh that the skill explicitly suggests running via `curl ... | bash`. Executing a remote shell script without first reviewing the repository or script source is a common malware delivery vector and therefore poses a high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly and silently fetches the public URL https://raw.githubusercontent.com/Canner/wren-engine/main/skills/versions.json (see SKILL.md "Version check") and uses that untrusted remote content to decide whether to notify the user and present an update command (`curl | bash`). Because the fetched data is not validated, third-party content can influence the agent's workflow.

Issues (2)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 20, 2026, 08:56 AM
Issues: 2