run-codex-bridge

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). High risk: this is a direct download of an install.sh from a personal GitHub account (yigitkonur) and the skill instructs piping it to sudo|bash — a common and dangerous "curl | bash" pattern from an unverified/unknown source, so you should inspect the script and repo, verify release integrity/signature, or prefer official package managers before running.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running a remote install script as root (curl ... | sudo bash) and suggests global installs (npm install -g), which asks the agent/user to obtain elevated privileges and can modify system state.