wzrrd-publish

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). The URL is a direct link to an install.sh on an unrecognized domain and the skill explicitly recommends piping it to bash (curl | bash), which is high risk because it executes remote code from an unvetted source.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that fetches and pipes remote code from https://wzrrd.sh/install.sh into bash (curl -fsSL https://wzrrd.sh/install.sh | bash), which executes remote code and is a required dependency for the skill to run.