slb

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The skill tells users to curl and pipe a raw .sh from raw.githubusercontent.com for an unvetted GitHub user (direct remote shell execution is a common malware vector), and also references a webhook endpoint that could be used for data exfiltration—together these are high-risk indicators.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Quick Start explicitly instructs running curl -fsSL https://raw.githubusercontent.com/.../install.sh | bash (fetching and executing a raw GitHub URL), which clearly ingests arbitrary public third‑party content that can materially change behavior and thus enable indirect prompt/instruction injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs the agent to request and execute arbitrary shell commands on the local machine (e.g., slb run "rm -rf ...", emergency-execute, curl|bash install, daemon/tcp execution), which enables modifying or destroying system state and running privileged actions on the host.