find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's workflow explicitly instructs the agent to search and fetch candidates from public sites (e.g., "Search the current skill ecosystem source, such as https://skills.sh/") and to check source repositories and install commands (Phase 2 and Phase 3 of SKILL.md), which requires reading untrusted third-party repository/web content that can influence install decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running npx to fetch and run third‑party skill packages (e.g., "npx skills add owner/repo@skill" which pulls code from the npm registry such as https://registry.npmjs.org), so at runtime it will download and execute external code required for installation.