ru

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). One of the URLs is a direct raw.githubusercontent.com link to an install.sh (an executable shell script) hosted under a single GitHub user of unknown reputation; while github.com is a legitimate host, directly downloading and running a remote .sh (especially piped to bash) is a high-risk vector for malware or malicious actions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries GitHub for open issues and PRs and clones/arises from public repository URLs (e.g., "Queries GitHub for open issues and PRs across all repos", ru review --plan, and ~/.config/ru/repos.d/public.list / https://github.com/... entries), which are untrusted, user-generated third‑party contents that the agent reads and interprets as part of its workflow.