agent-defibrillator

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). This is a third‑party GitHub repo from an unknown account that provides an install.sh and explicit instructions to clone and execute it — cloning is common but running unreviewed shell scripts from a small/unknown repo is a high‑risk vector for malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's install workflow and README explicitly instruct the agent/user to clone or curl code from public GitHub/Raw GitHub URLs (e.g., "git clone https://github.com/hazy2go/agent-defibrillator.git" and the curl to raw.githubusercontent.com in README/install.sh), so the agent is expected to fetch and execute untrusted third‑party content which can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 5, 2026, 05:49 PM