world-cup

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These point to a hosted skill page and a raw GitHub install.sh — while the domain and GitHub user look plausible, the raw .sh is a direct install script (commonly used with curl | bash) which is inherently risky if not inspected or from a fully trusted, well-audited repo.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime LLM context is populated via its MCP tools (e.g., worldcup-fan-sentiment-context pulling “live X + web” social/news text), which is outsider-authored free-form content fetched at runtime and then ingested into the agent’s context through the MCP tool outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start contains a curl command that pipes https://raw.githubusercontent.com/machina-sports/machina-cli/main/install.sh | bash which fetches and executes remote code, and the skill explicitly shells out to the machina-cli (a required runtime dependency), so this URL can directly execute code during setup/runtime.