lean-ctx

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The URL is a direct raw GitHub-hosted shell install script from an individual/unknown account and is intended to be fetched-and-executed (curl | bash), which, while hosted on a legitimate CDN (raw.githubusercontent.com), is inherently risky because it allows arbitrary code execution from an unverified source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly shows runtime use of fetching arbitrary web content (e.g., "lean-ctx -c curl -s " and listing curl/wget as supported commands) and the provided install script also fetches releases from GitHub (https://api.github.com and github.com), meaning the agent will ingest and interpret untrusted third-party web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's documented setup fetches and executes remote install code at runtime (e.g., curl -fsSL https://raw.githubusercontent.com/yvgude/lean-ctx/main/skills/lean-ctx/scripts/install.sh | bash and subsequent downloads from https://github.com/yvgude/lean-ctx/releases/...), so external content is executed and required for the skill to run.