ru

Fail

Audited by Snyk on Apr 28, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The presence of a raw.githubusercontent.com/install.sh URL (used in a curl|bash one-liner) from an unvetted GitHub user (Dicklesworthstone) is a direct script download/execute pattern from an unknown source—high-risk even though it's hosted on GitHub; the generic owner/repo links are neutral but do not mitigate the danger of executing the raw .sh.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Yes — the skill's review/agent-sweep workflows explicitly fetch and analyze open GitHub issues and PRs (see "Phase 1: Discovery" in SKILL.md and the ru-review SKILL.md) and even direct agents to use that PR/issue content to generate plans, commits, comments, and pushes, meaning untrusted user-generated content from GitHub (and referenced Twitter checks via xf) can materially influence agent actions.

Issues (2)

E005 (CRITICAL): Suspicious download URL detected in skill instructions.

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 28, 2026, 08:11 PM
Issues: 2