fabled-packer-redeem-seo-content-marketing-suite

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links point to an obscure GitHub repo owned by an unusual/suspicious username plus an unknown domain (ara.so) that instructs cloning and running code locally (including installing npm packages and setting secrets), which makes them a potentially unsafe distribution vector for malicious scripts or credential-exfiltration even though they’re not direct .exe downloads.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and analyzes content from arbitrary public websites and search results (e.g., /content-audit , /keyword-research shows "Fetching SERP data …", /page-speed-seo , /competitor-gap <competitor1...>) and then uses those third‑party pages to drive analyses, recommendations, and automated actions (e.g., ai-content-pipeline auto-publish), so untrusted web content can materially influence the agent's behavior.