md-to-feishu

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). mermaid.ink is a known image-rendering API and low-risk for fetching PNGs, but https://astral.sh/uv/install.sh is a direct remote shell script (the classic curl | sh install pattern) which can execute arbitrary code and is a high-risk distribution vector unless you verify the script and its source; overall treat this set as moderately high risk.