sruja-architecture

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Visual Studio Marketplace and GitHub are reputable hosts, but the package’s own domain exposing a direct install.sh (intended to be curl|bash’d) is a high‑risk distribution pattern — remote shell installers from an unverified project/domain can easily deliver malware.