external-gitcode-ascend-skill-auditor

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the raw IP HTTP endpoint is a critical red flag for opaque/hosted malware distribution and the GitHub repo is from an unverified/unknown account (possible typosquat or low-reputation source) that could host malicious releases or installers, so both should be treated as suspicious until independently verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly asks for "an agent, skill, or prompt (file / paste / URL)" and instructs the auditor to "Read the agent's configuration file (SKILL.md, prompt file, or equivalent)"—indicating the skill will fetch and interpret arbitrary user-provided or public URLs/files (untrusted third-party content) as part of its required workflow, which could enable indirect prompt injection.