attestation

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.85). The raw GitHub URL points to an executable install.sh (direct script download/pipe-to-sh) and the other is a personal GitHub "scoop-bucket" that can distribute install manifests/binaries from an individual account without obvious provenance or broad community trust, so both are potentially risky unless you vet the repository, contents, and signatures first.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "download" command and Prerequisites in SKILL.md explicitly fetch attestation bundles from GitHub repositories (untrusted public content), and the agent is expected to read/inspect those bundles (inspect/verify commands) which directly influence verification results and subsequent actions.