skiplagged

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). These URLs host direct .sh installers and setup scripts on an unverified/unknown domain and the skill explicitly instructs using "curl | bash" — a high‑risk pattern that can execute arbitrary code from an untrusted source, so they should be treated as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate and scrape skiplagged.com via Playwright (see "Opens skiplagged.com via Playwright MCP" and the Authentication Flow), meaning it fetches and interprets live, public third‑party web content (search results/fare pages) and uses that information to drive recommendations and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The SKILL.md contains installation commands that fetch and execute remote scripts (e.g., "curl -sSL https://canifi.com/skills/skiplagged/install.sh | bash", and it also references https://canifi.com/install.sh and https://raw.githubusercontent.com/majiayu000/claude-skill-registry/main/skills/travel/skiplagged/SKILL.md), so external content would be fetched and executed/required during setup.