larc-onboarding

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). This is a direct raw GitHub link to an install.sh (shell) script from an individual GitHub account and is used with a curl | bash pattern in the prompt — such scripts can run arbitrary commands on the host and should be treated as high risk unless the repository and author are verified and the script has been manually inspected.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md onboarding steps (Step 5) explicitly instruct fetching and executing a public install script via curl from https://raw.githubusercontent.com/ShunsukeHayashi/lark-agent-runtime/main/scripts/install.sh, which is untrusted third‑party (GitHub raw) content that the workflow consumes and can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that fetches and executes remote code via curl -fsSL https://raw.githubusercontent.com/ShunsukeHayashi/lark-agent-runtime/main/scripts/install.sh | bash, which directly runs external code and is presented as a required step for the LARC runtime.