visual-debug

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). Suspicious: this is a direct raw.githubusercontent.com link to an executable install.sh from an unfamiliar GitHub user (voidmatcha); executing remote .sh files is high-risk because they can run arbitrary commands—inspect the script and repo reputation before running.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly opens and inspects arbitrary external websites (e.g., batch-scroll.sh / auto-diagnose.sh call agent-browser --session open and run agent-browser eval to extract DOM/computed styles, and Phase E instructs an LLM subagent to read ref+impl image pairs), so untrusted third‑party page content is fetched and interpreted at runtime and can change the agent's diagnostic/decision workflow.