iii-getting-started

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most URLs are documentation or localhost endpoints (low risk), but the instruction to curl | sh from https://install.iii.dev and to download/execute a GitHub release zip (quickstart.zip) are high‑risk behaviors because executing remote shell scripts and unverified archives from repositories/hosts you may not fully trust is a common malware distribution vector.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's installation step runs a remote shell script with curl -fsSL https://install.iii.dev/iii/main/install.sh | sh, which fetches and immediately executes remote code at runtime.