planview

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). They are direct links to shell/PowerShell install scripts on an unverified third-party domain and the skill instructs piping them to bash/iex — a common and high-risk malware distribution pattern unless the domain and scripts are verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires running remote install scripts (curl -fsSL https://plannotator.ai/install.sh | bash and irm https://plannotator.ai/install.ps1 | iex) during setup/runtime, which fetch and execute remote code and are presented as required dependencies for the skill.