init-unblocked

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs point to a single, not-widely-known domain that includes a direct install.sh endpoint intended to be piped to bash (curl | bash), which is a high-risk distribution pattern because a remote shell script can execute arbitrary code and the domain/installer do not have obvious widely-verifiable trust signals.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs the command "curl -fsSL https://getunblocked.com/install.sh | bash" during runtime which fetches and immediately executes remote code from https://getunblocked.com/install.sh as a required installation step, so this external URL directly controls executed code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill instructs the agent to run shell commands that download-and-execute an external install script and install/configure a CLI (potentially modifying system files or requiring elevated privileges), so it pushes the agent to change the machine's state and poses a security risk.