autonomous-loops

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is a raw GitHub URL pointing to an install.sh (commonly used with curl | bash); executing arbitrary remote shell scripts is high-risk unless you have reviewed the repository and script contents and fully trust the author.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Continuous Claude" CI failure recovery workflow explicitly instructs the agent to fetch and inspect CI run data via GitHub CLI commands (e.g., "gh run list" / "gh run view") and then spawn new claude passes to fix failures, meaning the agent consumes user-generated third-party CI/log output which can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes an installation step that runs remote shell script via curl and pipe to bash (https://raw.githubusercontent.com/AnandChowdhary/continuous-claude/HEAD/install.sh), which fetches and executes external code at runtime and is presented as the required installer for the "continuous-claude" loop.