sota-shell-scripting
Fail
Audited by Snyk on Jun 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.85). The URLs contain multiple high-risk indicators: an embedded userinfo credential (https://user:$X@) that leaks secrets; a direct GitHub release binary (releases/download/.../tool-linux-amd64), which can distribute executables and is risky unless the repo is well-known and the binary is checksum- or signature-verified; and an install.sh at example.com, which encourages dangerous "download-and-run" behavior. Only the generic API endpoint looks innocuous.
Issues (1)
E005
CRITICAL: Suspicious download URL detected in skill instructions.
Audit Metadata