ui-capture

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The presence of a direct raw GitHub shell script (https://raw.githubusercontent.com/voidmatcha/.../install.sh) that the skill suggests piping to bash is a high-risk indicator (unvetted executable from an unknown account), while http://localhost:3000 (local dev server) and https://www.naver.com (major legitimate portal) are low-risk — overall this set represents a moderate-to-high risk because of the install.sh download-and-execute pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly opens and evals arbitrary reference URLs (SKILL.md Phase 1: agent-browser open ) and runs detection evals on third-party pages (detection.md: "Detection evals run on untrusted third-party pages", saving selectors/classnames into regions.json) which the agent then interprets to choose captures and follow-up actions, exposing it to untrusted user-generated web content that could embed directive-like strings and thus influence tool decisions.