proto

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The prompt instructs fetching and executing remote artifacts (a shell install script via curl|bash, WASM plugins, and TOML plugin manifests) from unverified/placeholder domains (example.com), a raw GitHub URL (which can contain arbitrary code), and an internal proxy — all of which are common vectors for delivering malicious code if the sources or repos are not explicitly trusted, so this is a high-risk pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly allows proto to fetch and load remote, user-provided plugin manifests and WASM from arbitrary public URLs (e.g., "proto plugin add atlas "https://raw.githubusercontent.com/.../plugin.toml\"" and [plugins] entries in .prototools pointing to https://... or example.com), which are untrusted third‑party sources that the agent is expected to read/interpret as part of installing and running plugins.