solana-token-verification

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Suspicious: the URL points to an unvetted GitHub repository that instructs you to download and run a third‑party CLI — while GitHub is commonly used, unknown repos/releases can distribute malicious binaries or scripts unless you verify the source and inspect/signatures.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow instructs installing the ACP CLI from GitHub and running acp browse/acp job create and acp job status to retrieve scan results from an external provider (e.g., "Cybercentry"), which the agent is expected to read and act on, exposing it to untrusted third‑party content.