tapestry

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). docs.astral.sh looks like a documentation site, but the direct install.sh URL is a remote shell installer from a relatively small/less-known domain (intended to be run via curl | sh), which is inherently risky and could be used to distribute malware if the source isn't verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and extracts content from arbitrary public URLs — e.g., YouTube transcripts via yt-dlp, web articles via trafilatura/reader, and PDFs downloaded with tapestry-safe-download — and then reads and processes that extracted, user-generated/untrusted content to create action plans, which enables indirect prompt injection.