setup-workflow-skills

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub shell installer (install.sh) from an unverified third‑party repo — piping a remote .sh to bash executes arbitrary code and is a common malware distribution vector even though raw.githubusercontent.com is a legitimate host.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running a curl of a raw.githubusercontent.com URL piped to bash ("curl -fsSL https://raw.githubusercontent.com/gastownhall/beads/main/scripts/install.sh | bash"), which fetches and executes public third‑party code (untrusted) as part of the required setup workflow and could therefore influence subsequent tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs at runtime to execute a remote install script via curl -fsSL https://raw.githubusercontent.com/gastownhall/beads/main/scripts/install.sh | bash which fetches and executes remote code as a required dependency (Beads CLI), so this URL is a high-confidence runtime risk.