tag-duplicate-prs-issues

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). These are raw GitHub-hosted shell install scripts referenced for curl|bash from a third‑party GitHub user (dutifuldev); downloading and executing raw .sh from an unverified/unknown repo is a high‑risk pattern because the scripts could contain malicious commands unless you review the repo, commit history, and signatures first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read user-generated content from GitHub (e.g., ghr pr view, ghr search mentions, and pr-search-cli against openclaw/openclaw) and to base duplicate decisions and prtags actions on that content, so untrusted third‑party text could materially influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's required setup instructs running remote install scripts that are fetched and piped to bash—curl -fsSL https://raw.githubusercontent.com/dutifuldev/ghreplica/main/scripts/install-ghr.sh | bash ... and curl -fsSL https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh | bash ...—which execute remote code and are required for the skill to run.