agent-management
Fail
Audited by Snyk on Feb 23, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Both URLs point to GitHub repositories from an unfamiliar account and the skill explicitly instructs cloning and running an install shell script (./install-agent-cli.sh), which makes them potentially unsafe because running unreviewed install scripts from unknown repos can easily distribute malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly requires cloning a public GitHub repo in the Prerequisites and includes plugin commands (e.g., plugin install and plugin marketplace add <agent> <source>) that let the agent fetch and run plugins from arbitrary public sources, exposing it to untrusted, user-generated third‑party content that could inject instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisite instructs cloning and running an installer from a remote repo (git clone https://github.com/23blocks-OS/ai-maestro-plugins.git then ./install-agent-cli.sh), which fetches and executes remote code as a required dependency.
Audit Metadata