gtr-workflow
Fail
Audited by Snyk on Mar 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). This is a GitHub repository (coderabbitai/git-worktree-runner) rather than a direct binary download, but it comes from an unvetted/unknown author, and the install instructions direct the user to clone it and install a CLI into /usr/local/bin (requiring elevated privileges), so it could execute arbitrary code and is moderately risky until the code and author are verified.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs running a sudo command to create a symlink in /usr/local/bin (modifying a system-wide location requiring elevated privileges), which encourages changing the machine's system state; other actions are project-local.
Issues (2)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W013: Attempt to modify system services in skill instructions.