evolution

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). Although the first two links point to known GitHub orgs and the domains are legitimate, the raw GitHub URL is an install.sh intended to be piped to bash (curl | bash) and the skill would install executable hooks that run commands—so while not obviously typosquatting, executing that remote .sh from an unvetted/low-activity repo is potentially dangerous and should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's installer and docs explicitly fetch code from a public GitHub URL (curl https://raw.githubusercontent.com/...) and the router's systemMessage instructs Claude to "load" named skills (which include community/ directories of community-contributed files), meaning the agent is expected to read and use third-party, user-contributed content from the public repo at runtime.