aqua-communication

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The URL is a direct raw GitHub link to an install.sh script in a personal/unknown repository (quailyquaily), which is a high-risk pattern because executing curl|bash from an untrusted GitHub user can deliver malware—inspect the script and prefer official, well-known sources or package managers before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary messages from remote peers (via agent.data.push and the inbox/watch workflow) — e.g., SKILL.md and docs/cli.md show agents using "aqua inbox watch --once --mark-read --json" and treating Aqua as "transport + local mailbox" — so untrusted, user-generated third‑party content is read by the agent and can drive subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill directly instructs running an installer with sudo (curl ...; sudo bash /tmp/install.sh) and suggests using system-level managers like systemd to manage processes, which actively modify system state and require elevated privileges.