dingtalk-workspace-cli

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These URLs point to a single GitHub repository (and raw.githubusercontent.com install scripts) from an unverified/possibly impersonating account and include direct curl|sh and PowerShell | iex install commands — executing raw scripts from an untrusted repo or releases is a high-risk vector for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes an installation step that runs a curl | sh command fetching a script from raw.githubusercontent.com (https://raw.githubusercontent.com/...), which causes the agent/environment to fetch and execute public GitHub-hosted code (untrusted third-party content) as a required setup step and thus can inject arbitrary instructions that alter behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes installation commands that fetch and execute remote scripts at runtime—e.g., curl -fsSL https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.sh | sh and irm https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.ps1 | iex (and the git clone https://github.com/DingTalk-Real-AI/dingtalk-workspace-cli.git flow fetches code that is then built/executed)—so these URLs execute remote code required to install/run the tool.