ru

Fail

Audited by Snyk on Mar 24, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The instruction to curl a raw GitHub-hosted install.sh and pipe it to bash from a personal/unknown account (raw.githubusercontent.com/Dicklesworthstone/...) is high-risk because it runs an unsigned remote script with no verification; the plain GitHub repo URLs themselves are low-risk, but the combined advice to download-and-execute a remote .sh makes this a suspicious distribution vector.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's review/agent-sweep workflows explicitly fetch and analyze open GitHub issues and PRs (see "Phase 1: Discovery" in SKILL.md and the ru-review SKILL.md) and even direct agents to use that PR/issue content to generate plans, commits, comments, and pushes, meaning untrusted user-generated content from GitHub (and the referenced Twitter checks via xf) can materially influence agent actions.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 24, 2026, 02:48 AM
Issues: 2