grepai-installation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). They link to a personal GitHub repository and raw install scripts (.sh and .ps1) intended to be piped directly into a shell/PowerShell—an inherently high-risk pattern because such scripts can run arbitrary commands and the account/repo trustworthiness may be unknown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's installation instructions explicitly fetch and run code from public GitHub URLs (curl/ PowerShell to https://raw.githubusercontent.com/.../install.sh and git clone https://github.com/yoanbernabeu/grepai.git), which are open, user-controlled third-party sources that would be ingested/executed as part of installation and could therefore carry untrusted content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installation commands "curl -sSL https://raw.githubusercontent.com/yoanbernabeu/grepai/main/install.sh | sh" and "irm https://raw.githubusercontent.com/yoanbernabeu/grepai/main/install.ps1 | iex" fetch scripts from raw.githubusercontent.com at runtime and immediately execute remote code, so they directly control execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs running commands with elevated privileges (sudo/Admin), installing binaries into system paths like /usr/local/bin, and piping remote scripts to sh—actions that modify system state and can compromise the machine.