cm
Fail
Audited by Snyk on Feb 15, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). They point to a personal GitHub repo and a raw install.sh (curl | bash) from an unfamiliar account — while hosted on GitHub, piping an unreviewed raw .sh from a low‑reputation/unknown user is a high‑risk vector for arbitrary/malicious code.
Audit Metadata