installing-tribal

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These endpoints are hosted on GitHub (a legitimate CDN) but include a direct shell installer URL (tribal-installer.sh) intended to be fetched and executed—piping an unreviewed script from an unfamiliar repo to sh is a high-risk pattern even if the other raw/config URLs are low-risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Docker Compose install flow explicitly fetches public release artifacts via curl from GitHub (see Step 1's snippet using https://api.github.com/... and https://raw.githubusercontent.com/... to download docker-compose.yml and .env.example) and directs consulting public provider/model pages, so the agent would ingest untrusted third-party content that can materially influence configuration and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs runtime curl commands that fetch and execute remote content — in particular the shell installer piped to sh at https://github.com/tribal-memory/tribal/releases/latest/download/tribal-installer.sh and the raw GitHub files downloaded from https://raw.githubusercontent.com/tribal-memory/tribal/$tag/docker-compose.yml and https://raw.githubusercontent.com/tribal-memory/tribal/$tag/.env.example (followed by docker compose up) — which execute remote code or launch remote-published images and are required install paths in the skill.