wps

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — the opaque direct ZIP link ("https://...kdocs.zip") is suspicious because it is an unsigned/unverified archive from an unspecified/unknown host used to replace local skill code, and ZIPs can carry scripts/binaries or installers without integrity guarantees.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests arbitrary public webpages via the scrape_url workflow (see references/drive/create_and_upload.md and references/workflows/web-scrape.md) and requires using that fetched, untrusted third‑party content as input for downstream actions (e.g., read_file_content, AI PPT generation), so external page content can influence tool use and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to download and replace the Skill directory from a remote zip link (e.g. "https://...kdocs.zip") and to run installation scripts (e.g. bash scripts/setup.sh) which would fetch and execute remote code, so this is a runtime external dependency that can execute code.