green-tea-perspective

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links point to unvetted GitHub repositories and private asset/document hosts (evomap.ai and a Feishu wiki) that encourage downloading and running code or model binaries from small/unknown publishers—no major provenance or community vetting is shown—so they present a significant risk of malicious or unsafe executables if you follow "download and run" instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's README/SKILL.md explicitly describes automatic deployment and continuous fetching of persona updates from third-party sources (EvoMap/Evolver and GitHub links such as "从 EvoMap 网络获取人格更新", the EvoMap Green Tea capsule and green-tea-runner repository), meaning the agent will ingest and act on untrusted external persona/content that can materially change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly relies on and (per its README) can fetch a remote EvoMap personality capsule that controls agent prompts at runtime (https://evomap.ai/asset/sha256%3A4a5522a1fa40c6887e5ef97d8899970994048985b9c50f6249586a7fc69c39b8) and also documents cloning/running remote deployment code (https://github.com/autogame-17/green-tea-runner.git -> ./setup.sh), so external content is fetched/executed and directly controls agent behavior.