bug-bounty

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). The list contains many direct-download/install-script URLs (raw.githubusercontent.com install.sh, GitHub releases linking binaries/tar.xz), unknown/small GitHub repos and personal/attacker-controlled domains (evil.com, attacker.com, burpcollaborator endpoints), and other direct executable/script references — which are high-risk sources for malware distribution if executed without verification.