mandex

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These URLs belong to a small/unknown project and include a direct install.sh endpoint (recommended to be piped to sh) plus a GitHub repo and private CDN — fetching and executing a remote shell script or binaries from an unvetted repo/CDN can deliver arbitrary code and is therefore risky.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and ingests public documentation packages via commands like "mx pull" and "mx sync" from the Mandex CDN (configured as https://cdn.mandex.dev/v1) and then the agent searches/reads those package entries with "mx search"/"mx show", so untrusted third-party docs can be interpreted and materially influence agent decisions and tooling behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions fetch and execute remote code—specifically "curl -fsSL https://mandex.dev/install.sh | sh" and "git clone https://github.com/chonkie-inc/mandex.git" followed by a local build—so those URLs enable execution of remote code during setup.