threads-growth-skill

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Not an obvious direct malware download (no .exe/.msi links or obfuscated redirects), but the package relies on unvetted GitHub repos and a short-domain site plus instructions to export session cookies and run shell scripts — a common vector for credential theft or remote-code execution — so it's moderately suspicious and should be treated with caution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly scrapes third-party social media (threads.net) via scripts/scrape_insights.sh to load user-generated post text/metrics into references/winning-formats.md and then uses that scraped Threads Insights to drive pattern detection and draft generation, so untrusted social-media content is ingested and can influence agent behavior.