tensorpm-agentic-pm

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). High risk: the skill instructs piping remote install scripts from a personal GitHub repo (raw.githubusercontent.com links to .sh and .ps1) directly into shell/PowerShell — a classic, dangerous pattern for malware distribution; the GitHub Releases link points to an unvetted user repo (potentially hosting installers), while the localhost URL itself is benign but tied to the same untrusted workflow.