splitwise-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The splitwise.com links are official and low-risk, but the skill instructs users to curl and pipe a raw GitHub-hosted install.sh (raw.githubusercontent.com/oristides/...), which is an unverified third‑party shell script — executing such scripts directly is a common vector for malware and therefore makes the overall source suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the CLI to call the Splitwise API (e.g., "splitwisecli config" verifies via user me) and to run commands that fetch user-generated data (group list, expense list, comment list) from third-party services (secure.splitwise.com), and even the installer curl pulls a script from raw.githubusercontent.com — all of which the agent reads/uses to determine subsequent commands, so untrusted third‑party content could influence behavior.