opencli-rs

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The X status URL is benign, but the raw.githubusercontent.com link is a direct shell script meant to be piped to sh (and the GitHub repo appears to be a personal/unknown project), which is a high‑risk pattern because it executes remote code from an individual/low‑audience source and could distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and README explicitly instruct the agent to use opencli-rs to fetch/scrape public, user-generated content from many third-party sites (e.g., reddit read, twitter timeline, zhihu hot, browser_evaluate DOM scraping in the YAML examples and the "自迭代能力" flow), so the agent will ingest untrusted web/forum/social content that can influence tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs installing a required runtime dependency by running a remote install script (curl -fsSL https://raw.githubusercontent.com/nashsu/opencli-rs/main/scripts/install.sh | sh), which fetches and immediately executes remote code and therefore represents a high-confidence runtime-executed external dependency.