omnigraph-best-practices

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are mostly local endpoints and an official Docker docs link (low risk), but the presence of a direct raw GitHub shell script that the prompt instructs to curl|bash is a high‑risk pattern unless you inspect and verify the repository and script, so treat the set as moderately risky.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "Bootstrap a local RustFS" step tells users to run curl -fsSL https://raw.githubusercontent.com/ModernRelay/omnigraph/main/scripts/local-rustfs-bootstrap.sh | bash, which fetches and executes a public GitHub script (untrusted third-party content) as part of the required workflow and thus could inject instructions that materially change agent/tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs users to run a bootstrap command that pipes a remote shell script to bash (curl -fsSL https://raw.githubusercontent.com/ModernRelay/omnigraph/main/scripts/local-rustfs-bootstrap.sh | bash), which downloads and executes remote code at runtime and is presented as the recommended setup step.