teach-oh

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are GitHub-hosted release binaries and raw repo files from an organization (open-horizon-labs) — while GitHub is a common distribution channel, the links include direct, unsigned executable downloads (curl + chmod + run) which are higher-risk unless you can verify the publisher, checksums, or build the code yourself; the raw .ts and agent files are lower risk but should still be reviewed before use.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and installs remote files from public GitHub URLs (e.g., downloading the repo-native-alignment binaries from github.com/releases and fetching hook/agent files from raw.githubusercontent.com in Steps 1, 4, 5, and 6), and those fetched third‑party files are written into the project and used to guide/drive agent behavior, so untrusted remote content can materially influence tool use and next actions.