roblox-testing
Fail
Audited by Snyk on Jun 13, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). This is a raw GitHub-hosted install.sh (often used with curl … | sh), which is a direct remote shell script execution vector — even though it's on githubusercontent and the nicbarker account may be legitimate, downloading and running an unreviewed .sh from a repo is a common malware distribution pattern and should be treated as suspicious unless you audit the script and trust the maintainer.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The GitHub Actions CI step runs curl -LsSf https://raw.githubusercontent.com/nicbarker/aftman/main/install.sh | sh which fetches and directly executes remote shell code at runtime as a required install step.
Issues (2)
- CRITICAL E005: Suspicious download URL detected in skill instructions.
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).