video-subtitle-remover

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are raw files from an individual GitHub repository (binary ML models and repo content); raw.githubusercontent.com is a common and generally safe host, but because the workflow downloads binaries and code from an unverified/low-profile user and then executes/install things locally, it poses a moderate risk if the repository is malicious or tampered with.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and installs code and model files from a public GitHub repository (calls to api.github.com and raw.githubusercontent.com in SKILL.md/README.md) and then executes/uses that code, meaning untrusted third‑party content is ingested and can directly influence runtime actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill openly downloads and writes remote Python code and model files at runtime from GitHub (e.g. https://api.github.com/repos/YaoFANGUK/video-subtitle-remover/git/trees/main?recursive=1 and https://raw.githubusercontent.com/YaoFANGUK/video-subtitle-remover/main/...), which are required for operation and result in executing that fetched code (e.g., run_remove.py), so this is a runtime remote-code dependency.