texforge

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs include raw .sh and .ps1 installer scripts hosted in a personal GitHub repo and the skill explicitly tells users to pipe them into sh/PowerShell (curl | sh, irm | iex), which is a high-risk pattern for arbitrary/malicious code execution (the tectonic site itself is legitimate but does not mitigate the risk of the unvetted install scripts).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill documentation (SKILL.md and README) explicitly shows the CLI fetching remote content—e.g., "texforge template add ... # descarga desde registry" and "texforge template list --all — lista ... registry remote", plus auto-downloading tectonic and install scripts from raw.githubusercontent.com—so the agent will ingest public, potentially user-contributed templates/binaries as part of its workflow, which could materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes explicit install commands that fetch and execute remote scripts at install/runtime (curl -fsSL https://raw.githubusercontent.com/JheisonMB/texforge/main/install.sh | sh and irm https://raw.githubusercontent.com/JheisonMB/texforge/main/install.ps1 | iex), which clearly download and run external code as a required setup step.