run-research

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Although hosted on GitHub's raw content domain, these URLs point to executable shell installers from an unverified/unknown account and are intended to be fetched and run (curl|sh), which is high-risk because such scripts can execute arbitrary malicious code on your machine without review.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and ingests public user-generated content (e.g., via reddit-cli search, bird/X search, yt_research.py transcripts, and brave-cli/WebSearch) and instructs the agent to read and synthesize those results to drive recommendations and follow-up actions, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.95). The skill includes runtime installer commands that fetch and execute remote shell scripts (curl -fsSL https://raw.githubusercontent.com/gupsammy/reddit-cli/main/install.sh | bash and curl -fsSL https://raw.githubusercontent.com/gupsammy/brave-cli/main/install.sh | sh), so these URLs are used at runtime to retrieve and run remote code, posing a clear execution risk.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill directs the agent to run shell commands and to download-and-execute remote installers (curl | bash/sh), which will modify the host system (install software, alter files) and may require or escalate privileges—posing a high risk of compromising machine state.