skf-quick-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly fetches and ingests public, user-generated content (e.g., registry lookups in references/registry-resolution.md and GitHub README and source files read via steps-c/step-01-resolve-target.md and steps-c/step-03-quick-extract.md), and that content is parsed and used to assemble SKILL.md, metadata, and control subsequent workflow actions—so untrusted third-party content can influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow fetches and injects repository content at runtime (e.g., via GitHub API/web paths like "gh api repos/{owner}/{repo}/contents/{path}?ref={source_ref}" and "https://github.com/{owner}/{repo}/blob/{source_ref}/{path}") to drive prompt generation and produce the SKILL.md, so these remote URLs directly control agent instructions and are required for the skill to run.