implement

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). One URL is incomplete/invalid and the other two are generic GitHub repo paths from unknown users — GitHub repos and releases can legitimately host code but are commonly used to distribute malicious binaries when from untrusted/low-reputation accounts, so without verification these sources are potentially risky.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly fetches and analyzes public web URLs (see "WebFetch" and "Source Detection: Web URLs (GitHub, GitLab, CodePen, JSFiddle, documentation sites)") and uses that content to drive implementation decisions and code changes, so it consumes untrusted third-party content that can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs WebFetch on user-provided URLs (e.g., "https://github.com/user/feature") at runtime and uses the fetched repository/content to drive its analysis and implementation instructions, meaning external content can directly control agent prompts and behavior.