fp-plan

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). The URL is a direct link to an install.sh on an unverified subdomain (setup.fp.dev) and the skill instructs piping it straight to sh — executing an unknown remote shell script is a high-risk vector for malware or supply‑chain compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses external, user-provided content from public third‑party sources—specifically GitHub issues (via gh), Linear issues (via get_issue), and Notion pages (via notion-fetch)—and ingests that untrusted user-generated content into its planning workflow.