rtk-setup

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Suspicious: this is a direct raw GitHub URL to an install.sh script from an unverified rtk-ai/rtk repository and the skill tells users to curl ... | sh — executing remote shell scripts without verification is high-risk and commonly used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md STEP 1 explicitly instructs running a curl of a raw GitHub URL (https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh), which fetches and executes untrusted third‑party code from GitHub that can alter agent tooling/behavior and thus materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime command that fetches and executes remote code—curl -fsSL https://raw.githubusercontent.com/rtk-ai/rtk/refs/heads/master/install.sh | sh—which is used to install a required dependency (rtk) and thus directly executes external code.