python-autotuner

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The URL points to a direct shell installer (install.sh) which invites piping and executing remote code — a high-risk pattern even if the domain (astral.sh) looks legitimate; you should first inspect the script, verify its source/checksum or use an official package manager rather than executing it blindly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md Phase 1 explicitly instructs fetching and executing a public installer via "uv --version || curl -LsSf https://astral.sh/uv/install.sh | sh", which downloads and runs third‑party code from the open web that can materially change the agent's environment and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs this at runtime: curl -LsSf https://astral.sh/uv/install.sh | sh — which fetches and immediately executes remote code to install the required "uv" tool that the skill uses, so this is a high-confidence runtime external dependency that executes remote code.