busybox-on-windows

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are direct .exe downloads served from a third‑party domain (frippery.org) — a site historically known to host Windows BusyBox builds and linked from busybox.net, but because they are unsigned binaries from a non‑official distributor they represent a potential malware distribution vector unless you verify checksums/signatures and provenance.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs downloading and running a BusyBox binary from public third-party URLs (Invoke-WebRequest to https://frippery.org/... in step 3), which clearly fetches untrusted external content that the agent would execute/use and could therefore influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime PowerShell commands download and install an executable from https://frippery.org/files/busybox/busybox64.exe (and related frippery.org busybox binaries), which fetches and will execute remote code as a required dependency.