halo-cli-operations

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). They point to downloadable archives/executables (.jar, .zip) hosted on an untrusted/placeholder domain (example.com) — not an official vendor/CDN — making them a suspicious distribution vector for malware even if the image file itself is lower risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly allows installing or upgrading themes and plugins and uploading/downloading attachments from arbitrary URLs (e.g., "theme install --url", "plugin install --url", "attachment upload --url") and even documents a --yes bypass for non-www.halo.run hosts, so the agent can fetch untrusted third‑party content that could influence subsequent tool actions.