evolution

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The presence of a raw GitHub shell script being installed via "curl ... | bash" from a personal/third‑party repository (ZhangHanDong/makepad-skills) — combined with other unverified GitHub accounts (project-robius) — is a high‑risk pattern because it executes remote code immediately; while makepad/makepad looks like an official repo, the install instruction to run an unreviewed .sh makes the overall source suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs installing hooks by fetching and executing a script from raw.githubusercontent.com ("curl -fsSL https://raw.githubusercontent.com/.../install.sh | bash"), and those hooks auto-load and route external skill files (including community contributions) that the agent will read and act on, meaning public, untrusted repository content can materially influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs running "curl -fsSL https://raw.githubusercontent.com/ZhangHanDong/makepad-skills/main/install.sh | bash -s -- --with-hooks", which fetches and executes remote install.sh from raw.githubusercontent.com that installs hooks into .claude/hooks/ that run shell commands and can directly control prompts or execute code at runtime.