excel

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). This is a direct link to a remote shell installer (install.sh) which is inherently high-risk because running curl | sh executes unreviewed code; even if astral.sh may be an official site for the "uv" tool, you should verify the publisher, inspect the script and checksums/signatures before running it since such URLs can be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md "功能二：创建 Excel" 工作流程明确要求 the AI model to "从任意来源（网页、文档、API 等）获取数据" (collect data from webpages/documents/APIs), meaning untrusted third‑party content can be ingested and used to generate the JSON that drives the excel-writer tool, which could materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime invokes "uv sync" / dependency installation which will fetch and install Python packages from the configured PyPI mirror (e.g. https://mirrors.aliyun.com/pypi/simple/ and the specific package URLs listed in uv.lock such as https://mirrors.aliyun.com/pypi/packages/...), meaning remote code is downloaded and executed as a required dependency for the skill.