ghost-proxy

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The set includes a direct raw GitHub URL to an install.sh intended to be fetched and run (curl | bash), which is a high-risk distribution vector for malware; the other two URLs (localhost and api.example.com placeholder) are not themselves download sources, but the presence of the direct .sh installer makes the overall set suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent starts a MITM proxy that captures arbitrary HTTP/HTTPS traffic and explicitly instructs inspecting logs and raw entries (e.g., "Viewing Captured Traffic" with reaper logs and reaper get) and using those captured request/response contents in the "Common Workflows / Validate a Security Finding" flow, so the agent will read untrusted third‑party web content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's prerequisite runs a remote install script via curl -sfL https://raw.githubusercontent.com/ghostsecurity/reaper/main/scripts/install.sh | bash, which fetches and executes code from that URL and is required to install the reaper binary before using the skill.