identify-malicious-repository

Fail

Audited by Snyk on May 18, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). Most listed domains are legitimate (github.com, api.github.com, avast.com, clamav.net) but the inclusion of a GitHub repository that impersonates Avast and likely hosts cracked executables (viceofficialtower74/Avast-Premium-Security-Windows-Latest) is a clear indicator of a high-risk malicious distribution source, so the overall set is suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md includes code and shell examples that fetch and parse public, user-generated GitHub content (e.g., https://api.github.com/repos/{repo_full_name} and the /readme endpoint via requests/curl) and explicitly uses that data to compute risk scores and drive warnings/recommendations, so untrusted third-party content can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime code (requests.get and curl examples) that fetches repository metadata from the GitHub API (e.g., https://api.github.com/repos/{repo_full_name} and the readme endpoint) and uses that fetched content to directly drive the risk-scoring logic and warnings, so the external URL controls the agent's outputs at runtime.


Audit Metadata

Risk Level: CRITICAL
Analyzed: May 18, 2026, 08:08 PM
Issues: 3