skill-installer

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These point to a GitHub repo and an installer script that would be cloned and executed from an unknown/low‑reputation account (the username "doccker" looks like a possible typo‑squat of "docker"); executing shell scripts from an unverified repo is risky even if hosted on GitHub.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones a public GitHub repository (git clone https://github.com/doccker/cc-use-exp.git in "第 1 步") and then executes scripts from it (./tools/sync-config.sh in "第 2 步"), so untrusted, user-hosted repo content could be read/executed and thereby influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installer performs git clone from https://github.com/doccker/cc-use-exp (git clone https://github.com/doccker/cc-use-exp.git) and then runs ./tools/sync-config.sh and installs instruction/config files from that repo, so runtime-fetched content can execute remote code and directly control agent prompts/instructions.