opencode-openai-codex-auth

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These URLs point to an unknown short domain and a single-author GitHub repo/GitHub Pages plus instructions to npx/clone and run code (which will download and execute unvetted code and use ChatGPT session tokens) — not direct .exe links but still a moderate-to-high risk for malicious or credential‑stealing behavior if the package/repo is untrusted.