skill-system-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and installs arbitrary GitHub content (e.g., scripts/install-skill-from-github.py downloads repo zips and git-checkouts; scripts/list-curated-skills.py calls the GitHub API to read curated listings and SKILL.md/skill files are validated and ingested), so untrusted, user-generated third‑party content is fetched and interpreted as part of its workflow and can directly change tool behaviour.