build-skills

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Suspicious: it's a direct raw GitHub .sh download from an individual/unverified account (yigitkonur) and the skill prompt recommends piping such a script to sudo/bash — a high-risk pattern for distributing malware unless you inspect and trust the script contents and source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Full research path" (Steps 4 and 4a) explicitly instructs using bash scripts/skill-dl or scripts/skill-research.sh to discover and download candidate skills from remote sources (e.g., GitHub) and then "Read the downloaded corpus thoroughly" — including each downloaded SKILL.md and references — which ingests untrusted public third‑party content that can materially influence comparison, decisions, and subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill documentation explicitly instructs installing skill-dl at runtime via executing remote code with curl|bash (sudo -v ; curl -fsSL https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh | sudo bash), which fetches and runs external code and is presented as the required tool for the full research path.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs running a network-installed command with sudo (curl ... | sudo bash) and advises installing/moving skill files into the runtime, which directs the agent to obtain elevated privileges and modify the host system.