dioxus-guide

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Although the domain appears related to the Dioxus project, this is a direct shell script (install.sh) served over plain HTTP and recommended to be piped into sh — a high-risk pattern because scripts from external sites can be tampered with in transit or contain malicious commands and should be inspected and fetched over HTTPS and verified before execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The guide includes a direct install command that fetches and executes remote code—"curl -sSL http://dioxus.dev/install.sh | sh"—which is a required installer for the dx CLI and thus represents a runtime (installation-time) external dependency that executes remote code.