award-winning-website

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The GitHub URL points to an unverified/unknown account and the skill instructs cloning, removing git history, and running npm install/build (which can execute arbitrary postinstall scripts and hide provenance), so it could be used to distribute malicious code; the localhost:5173 address itself is just a local dev server.