detection

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The collection is suspicious because multiple links point to an untrusted domain (evil.com) providing direct executable/script downloads and a phishing-style reset URL (.exe and .hta are high-risk), even though the GitHub (SigmaHQ/sigma) and MITRE pages are legitimate.