zai-orchestrator

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a GitHub repository hosted under an unfamiliar/personal account (tianxiao1430-jpg) rather than a known vendor—while not a direct .exe download, the skill's suggested npx/git install would fetch and execute unvetted code so it presents a moderate-to-high risk of being used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs Phase 2 "Augment (Search)" to call search-expert / zai_web_search to retrieve external web content (open/public sites) and to "综合对比不同方案", meaning the agent ingests and uses untrusted third-party web results to drive technical decisions.