agentic-stack-portable-agent-memory

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links point to an unknown GitHub user’s repository and a third‑party site (ara.so) that instructs users to git clone/tap and run install scripts including shell and PowerShell installers and third‑party brew taps—actions that can execute arbitrary code—so they are moderately suspicious unless the repo/author and install scripts are independently verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation instructions explicitly fetch and run remote install scripts from the repository https://github.com/codejunkie99/agentic-stack (via brew tap / git clone followed by ./install.sh or .\install.ps1), so external code would be retrieved and executed as a required dependency.