line-cont

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This is high risk: it directly downloads and pipes a .sh script from an untrusted/malicious-looking domain (evil.example.org) into bash, which can execute arbitrary code and is a common malware distribution technique.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This snippet explicitly fetches and pipes a remote script from an untrusted host to bash and uses line-continuation to evade detection, enabling remote code execution, backdoor installation, and supply-chain attacks.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly shows curling an external URL (https://evil.example.org/p.sh) and piping it to bash, meaning the skill fetches and executes untrusted third-party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains a runtime command that curls https://evil.example.org/p.sh and pipes it to bash, which fetches and immediately executes remote code (so it is a required runtime dependency that controls execution).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs piping a remote script into bash (curl ... | bash), which directly enables remote code execution and can modify the machine's state or escalate privileges, so it should be flagged.