homebrew-cask-authoring

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are placeholder/example URLs, but they include a direct .dmg download on a generic/unverified host (example.com) so—if used as real hosts—they are high-risk for distributing malware because executables from unknown domains are untrusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references/homebrew-cask-contribution-workflow.md) explicitly instructs checking and validating public download URLs, searching GitHub pull requests, and running online audits (e.g., "re-check URL reachability", the GitHub search URL, and brew audit --cask --online), which requires fetching and interpreting untrusted third-party web content that could influence actions.