byterover-cli-memory-layer

Fail

Audited by Snyk on May 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The package set includes a high-risk indicator: an explicit instruction to curl https://byterover.dev/install.sh and pipe it to sh (remote shell execution of an unverified script), which is dangerous; the other URLs (app.byterover.dev, ara.so, a placeholder registry.example.com, and a Git repo URL) are lower-risk in isolation but could still host malicious content if the sources are untrusted or compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests content from external/shared ByteRover Cloud and registries (e.g., brv vc clone, brv vc pull, brv hub install, brv hub registry add). That content can include untrusted or user-generated context that agents later query (brv query) and consume via MCP, so third-party content can influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions explicitly run a remote script via "curl -fsSL https://byterover.dev/install.sh | sh", which fetches and executes remote code as a required setup step for the CLI, posing a high-risk runtime dependency.
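The three findings above all come from scanning the skill's instruction text for URLs, for a download tool whose output is piped into a shell, and for placeholder hosts. The scanner below is an added example written for this page, not code from Snyk or from the ByteRover project; it reproduces those checks over a constructed sample of skill instructions modelled on the quoted install step. The `Finding` kinds (`pipe-to-shell`, `placeholder-url`, `external-url`) and the sample text are assumptions made here, not identifiers from the audit.

```python
import re
from dataclasses import dataclass

# Constructed sample of skill instructions, modelled on the install step the
# audit quotes. It is not the skill's real instruction file.
SAMPLE_INSTRUCTIONS = """\
## Install
Run the installer:

    curl -fsSL https://byterover.dev/install.sh | sh

Then sign in at https://app.byterover.dev and add a registry:

    brv hub registry add https://registry.example.com
    git clone https://github.com/example-org/skills.git
"""


@dataclass
class Finding:
    severity: str  # "CRITICAL", "MEDIUM" or "LOW" (assumed scale for this example)
    kind: str      # "pipe-to-shell", "placeholder-url" or "external-url"
    line: int      # 1-based line number in the instruction text
    detail: str


# A download tool (curl/wget) whose output is piped into a shell interpreter,
# optionally through sudo. Matches the "curl ... | sh" pattern the audit flags.
PIPE_TO_SHELL = re.compile(
    r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(sh|bash|zsh|dash|ksh)\b"
)
# Any absolute URL with a scheme an installer or git command would use.
URL = re.compile(r"\b(?:https?|git|ssh)://[^\s'\"<>)]+")
# Hosts reserved for documentation; a skill telling users to substitute their
# own registry here is not malicious by itself, but the real target is unknown.
PLACEHOLDER_HOSTS = ("example.com", "example.org", "example.net", "localhost")


def scan_skill_instructions(text: str) -> list[Finding]:
    """Return findings for each risky URL or command in the instruction text."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PIPE_TO_SHELL.search(line):
            findings.append(Finding("CRITICAL", "pipe-to-shell", lineno,
                                    f"remote script piped to a shell: {line.strip()}"))
            continue  # the URL on this line is already covered by the critical finding
        for url in URL.findall(line):
            host = re.sub(r"^[a-z]+://", "", url).split("/")[0].lower()
            if any(host == h or host.endswith("." + h) for h in PLACEHOLDER_HOSTS):
                findings.append(Finding("LOW", "placeholder-url", lineno,
                                        f"{url}: placeholder host; check what users substitute"))
            else:
                findings.append(Finding("MEDIUM", "external-url", lineno,
                                        f"{url}: external source; trustworthy only if verified"))
    return findings


def highest_severity(findings: list[Finding]) -> str:
    """Overall risk level for a skill: the worst finding, or NONE if clean."""
    order = {"CRITICAL": 3, "MEDIUM": 2, "LOW": 1}
    return max((f.severity for f in findings), key=order.get, default="NONE")


if __name__ == "__main__":
    results = scan_skill_instructions(SAMPLE_INSTRUCTIONS)
    for f in results:
        print(f"{f.severity:8} {f.kind:16} line {f.line}: {f.detail}")
    print("Risk level:", highest_severity(results))
```

On the constructed sample this reports one CRITICAL finding for the `curl ... | sh` line, MEDIUM for the two ordinary external URLs and LOW for the `registry.example.com` placeholder, giving an overall level of CRITICAL, which is the same shape as the audit result above. One caveat a reviewer should keep in mind: the pipe pattern only catches the literal `| sh` form; `bash -c "$(curl ...)"`, `sh <(curl ...)` and a download followed by `chmod +x` and execution on a later line are the same remote-code dependency and need separate rules.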

Issues (3)

E005  CRITICAL  Suspicious download URL detected in skill instructions.
W011  MEDIUM    Third-party content exposure detected (indirect prompt injection risk).
W012  MEDIUM    Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 17, 2026, 07:32 PM
Issues: 3