guide-me

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Most URLs are documentation or community pages (low risk), but the list includes https://claude.ai/install.sh — a direct shell script intended to be downloaded/executed (e.g., via curl | bash), which is a high-risk malware distribution vector unless its contents and source are independently verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md runtime workflow explicitly instructs the agent to WebFetch official docs and community sources—including untrusted, user-generated content on reddit (e.g., https://www.reddit.com/r/ClaudeCode/ and other reddit subreddits)—and to read, synthesize, and cite that content at runtime, which can directly influence answers and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly fetches live documentation pages at runtime (e.g., https://code.claude.com/docs/en/ and the docs index https://code.claude.com/docs/llms.txt) to synthesize and cite content for its responses, so external content directly influences the agent's instructions and is a required runtime dependency.