ai-marketing-claude-suite

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Although many domains listed are generic/placeholders, the presence of an unknown GitHub repo (zubair-trabzada/ai-marketing-claude) and a direct raw.githubusercontent.com install.sh referenced for curl | bash installation is a high‑risk distribution pattern (remote executable script from an untrusted source), so the set should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and analyzes arbitrary public websites (e.g., /market audit and scripts/analyze_page.py which calls requests.get and BeautifulSoup to scrape pages), so untrusted third-party webpage content is ingested and used to drive analysis and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's one-command installer fetches and pipes a remote shell script to bash (curl -fsSL https://raw.githubusercontent.com/zubair-trabzada/ai-marketing-claude/main/install.sh | bash), which would execute remote code as part of installing the required skill files.