tag-duplicate-prs-issues

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These are raw GitHub-hosted shell install scripts (direct .sh URLs intended for curl | bash); while the files come from GitHub (not a URL shortener or typosquat), executing remote shell scripts is inherently risky—inspect the repo, script contents, and author reputation before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and search PRs, issues, and comments from the openclaw/openclaw GitHub mirror using ghr/ghreplica and to run pr-search-cli (uvx) searches—these are public, user-generated sources whose text the agent must interpret to decide duplicates and perform prtags writes, so untrusted third-party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime install commands that fetch-and-execute remote scripts (curl -fsSL https://raw.githubusercontent.com/dutifuldev/ghreplica/main/scripts/install-ghr.sh | bash ... and curl -fsSL https://raw.githubusercontent.com/dutifuldev/prtags/main/scripts/install-prtags.sh | bash ...), which directly execute remote code and are required for the skill to run.