alibabacloud-find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the public AgentExplorer APIs (e.g., aliyun agentexplorer get-skill-content in SKILL.md Step 3 and related examples) to fetch full markdown content for public/community-contributed skills, and the workflow instructs the agent to read/interpret that content to decide whether to install or act—exposing it to untrusted third-party, user-generated content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Installation step explicitly instructs running "curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash", which fetches and executes remote code at runtime to install a required dependency (Aliyun CLI), so this URL poses a direct execution risk.