task-master
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). These URLs point to an unknown project/site and a GitHub repo that instruct users to install and run an unvetted npm package via npm/npx, which can execute arbitrary code and leak credentials. There are no direct .exe downloads, but the workflow is potentially dangerous.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly supports "fresh information gathering" and "research-backed task expansion" and requires a PERPLEXITY_API_KEY (and mentions a research tool), indicating it will fetch and ingest open-web third-party content (Perplexity/web results) into the agent's workflow, which can enable indirect prompt injection.