workflow

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). webi.sh is a third‑party short/installer URL that serves a shell script (used here with "curl | sh"), which obscures the actual payload and can execute arbitrary code—making it a suspicious, higher‑risk distribution vector even if commonly used for gh installers.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes the GitHub CLI (e.g., gh run view, gh workflow view, gh run download) to fetch run logs, workflow files, and artifacts from GitHub repositories—public, user-generated content that the agent would read and interpret.