evolution

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). Most URLs are GitHub repositories (generally low risk), but the raw.githubusercontent.com install.sh is a direct shell installer from an individual account intended to be run with "curl | bash", which is high-risk because it executes remote code and could deliver malware if the repository or script is untrusted — inspect the script and repo reputation before running.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill contains high-risk, deliberate patterns: a curl|bash install with an explicit "allowlist", persistent CLAUDE hooks that execute arbitrary shell scripts on user prompts and tool events (capable of reading project files, prompts, env vars), and automatic self-correction/auto-update flows — together these enable supply‑chain backdoor behavior and stealthy data exfiltration if abused.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs installing hooks via curl from https://raw.githubusercontent.com/... (Hooks-Based Auto-Triggering), which pulls and installs public GitHub-hosted skill and hook code (untrusted, user-generated) that the agent will load and use to route behavior and auto-evolve — therefore third-party content can be ingested and materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that fetches and executes remote code via curl -fsSL https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh | bash, which installs hooks that control the agent's runtime behavior, so it directly executes remote code and is a required dependency for hook-based auto-triggering.

Issues (4)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 10, 2026, 03:27 AM
Issues: 4