habitat-usage

Fail

Audited by Snyk on Mar 24, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These are direct downloads of a binary/archive: two GitHub release links from a relatively unknown repo (lynx-family/habitat) and an unversioned HTTP zip (example.com/tooling.zip); combined with instructions to execute the downloaded binary and no enforced integrity verification, this presents a moderate-to-high risk of malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs using DEPS entries for git and http dependencies (examples include git@github.com URLs and https://example.com/tooling.zip) and running "./hab sync ." which fetches and materializes arbitrary public repos/archives — including "action" deps that can execute code — so untrusted third-party content is ingested and can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The guide explicitly instructs downloading and making executable a remote binary via curl from https://github.com/lynx-family/habitat/releases/download/${HABITAT_VERSION}/hab (and the /latest download variant), which would fetch and potentially execute remote code at runtime and is presented as a required dependency for using the tool.

Issues (3)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 24, 2026, 12:40 AM
Issues: 3