test-release

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). brew.sh is the official Homebrew site (low risk), but the raw.githubusercontent.com URL points to a raw install.sh in an individual GitHub repo—downloading and piping an unreviewed shell script from a user repository (curl | bash) is a high-risk pattern unless you inspect the script and verify the source/signatures, so treat this download source as potentially malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads and executes third-party content as part of its required workflow (Phase 3's curl-mac and curl-vps steps fetch and pipe https://raw.githubusercontent.com/coleam00/Archon/main/scripts/install.sh to bash, and Phase 1/3 use gh release to read GitHub release data), so untrusted public GitHub content can directly affect execution and thus enable indirect prompt-injection-like influence.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs "curl -fsSL https://raw.githubusercontent.com/coleam00/Archon/main/scripts/install.sh | bash" locally and via SSH on a VPS, which fetches and executes remote code at runtime (install.sh) and is a required dependency for the curl-mac / curl-vps install paths.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs installing and uninstalling release binaries system-wide (brew tap/install, curl install to /usr/local/bin or $HOME/.local/bin) and even runs sudo on a remote VPS to remove files, which modifies system state and requires elevated privileges, so it poses a high risk of compromising the machine state.