dot

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). These URLs include direct links to install scripts (.sh and .ps1) served from a domain that isn’t instantly verifiable as a trusted vendor — delivering executable scripts over HTTPS is a common malware vector, so unless you can verify the publisher, inspect the scripts, and confirm checksums/signing, treat them as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill sends user questions to an external Dot agentic API (src/ask.mjs posts to ${server}/api/agentic and SKILL.md documents this flow) and then downloads and automatically reads untrusted assets (chart/csv/file download URLs from additional_data.assets via src/http.mjs::downloadFile), while also using returned fields like suggested_follow_ups and chat_id to drive follow-up actions — meaning third-party responses and downloaded files can materially influence subsequent tool use and behavior.