autonomous-loops

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). This is a direct raw.githubusercontent.com link to an install.sh in a personal GitHub repo and the skill explicitly suggests piping it to bash—executing an arbitrary remote shell script (curl|bash) is high risk even if hosted on GitHub.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's Continuous Claude workflow explicitly fetches and interprets third‑party GitHub data (e.g., using gh run view to read CI logs and PR context and then launching claude -p to generate fixes) — and also includes an installation curl from raw.githubusercontent.com — meaning untrusted, user-generated web content is ingested and can directly influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains an installation step that runs remote code at runtime via curl -fsSL https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh | bash, which fetches and executes a remote script the skill relies on for Continuous Claude, so it directly executes external code.