r20-glebis-seo-content-marketing-skills

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links point to GitHub repositories and an external site (no direct .exe/.zip payloads), but they are unvetted/forked repositories from an unfamiliar username (OhmWhaleIncrease) and the install instructions copy code into a local agent runtime—behavior that can deliver malicious scripts—so the sources should be treated as moderately risky until verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly crawls and ingests public websites and SERPs (e.g., /content-audit --scope full, /technical-seo , /competitor-gap and SERP/top-10 analysis) and integrates external APIs (SEMRUSH/AHREFS) so the agent reads untrusted third-party pages whose content can materially change recommendations and follow-up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly includes a runtime command that fetches and loads remote skill code from https://github.com/OhmWhaleIncrease/r20-glebis-claude-skills-seo (via "/load-skill "), which would pull external content into the agent to define/drive its prompts and behavior.