giil

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The bundle includes raw GitHub URLs to an install.sh and a direct executable from a non-obviously reputable user and even recommends curl | bash (a high‑risk pattern); the iCloud share/CDN links look like ordinary image hosts but do not mitigate the risk of running unreviewed remote shell code or binaries, so this distribution is suspicious without verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the tool loads and downloads content from arbitrary public cloud share URLs (e.g., share.icloud.com, dropbox.com, photos.google.com, drive.google.com), captures page DOM/screenshots and returns image files/base64/JSON to AI workflows, exposing the agent to untrusted, user-generated third‑party content for interpretation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes explicit privileged installation commands (e.g., "sudo apt-get install ...") and optional system-wide installation paths (GIIL_SYSTEM=/usr/local/bin) that instruct modifying system packages/files which require sudo, so it encourages actions that can change the machine state.