busybox-on-windows

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs include the official BusyBox site (busybox.net) but also direct .exe downloads from a third‑party domain (frippery.org), and direct executables served from non‑official/unverified sites are higher risk unless checksums/signatures and provenance are verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs runtime downloads of executables via Invoke-WebRequest from URLs such as https://frippery.org/files/busybox/busybox.exe (and variants) which are required at runtime and would result in executing remote code on the host.