sales-third-party

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These links are pages on a third‑party "skills.sh" catalog pointing to many individual authors and instructing use of npx to install/run unvetted packages — not direct executables, but installing/running arbitrary third‑party npm packages or scripts from personal repos poses a real risk of malware or unwanted code execution.