learn
Fail
Audited by Snyk on May 6, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). These URLs are API and homepage endpoints for agentskill.sh (not direct binary downloads), but the skill instructs installing and running a remote CLI via npx (@agentskill.sh/cli) — effectively executing code fetched from an external, non-mainstream domain — which is a supply‑chain / remote‑execution risk if the package or site is malicious or compromised.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated content from the public agentskill.sh site (e.g., via npx @agentskill.sh/cli search "<query>" --json, WebFetch calls like https://agentskill.sh/api/agent/... for trending/skillsets, and installs skills based on returned slugs as described in SKILL.md), and those external descriptions/metadata are read and used to drive decisions and install actions, which could enable indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill delegates runtime operations to the externally-fetched CLI via "npx @agentskill.sh/cli" and makes WebFetch calls to https://agentskill.sh (e.g. https://agentskill.sh/api/agent/skillsets//install and https://agentskill.sh/api/agent/skills/learn/version), so remote content/code from agentskill.sh/npm is fetched and executed at runtime and is a required dependency that could directly control prompts or run code.
Issues (3)
- E005 CRITICAL: Suspicious download URL detected in skill instructions.
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata