csctf

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Most links are benign “share” pages (ChatGPT/Gemini/Grok/Claude) and not direct downloads, but the presence of a raw GitHub install.sh from an unknown user combined with the documented curl | bash installer pattern and cookie-copy/remote-debugging steps (which can exfiltrate credentials or install arbitrary code) makes this a suspicious distribution vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public share URLs (e.g., chatgpt.com/share/, gemini.google.com/share/, grok.com/share/, claude.ai/share/) and parses the conversation HTML (user/assistant content) into Markdown/HTML, thereby ingesting untrusted, user-generated third‑party content for interpretation.