codearts-shared

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Moderate risk — the GitHub URL points to an unverified third‑party repository (could contain malicious install scripts or prebuilt binaries if cloned/built/run without review) and the gateway URL is a private IP (10.250.63.100:8099) which may be a legitimate internal service but can be abused to redirect credentials or requests to an attacker‑controlled internal endpoint, so you should inspect the repo and prefer official published packages before running anything.