newsletter-curation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These are short/unknown domains serving a shell installer (curl ... | sh) from a non‑well‑known vendor — a high‑risk pattern because it executes remote code without package manager protections or verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and curate open web and social content (e.g., commands using infsh/tavily-search-assistant and exa/search, a "site:reddit.com" query, and mentions of Twitter/LinkedIn/Reddit/HN) which are untrusted, user-generated third‑party sources the agent is expected to read and interpret as part of its workflow.