skill-creator

Warn

Audited by Snyk on May 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md Prior Art Research section explicitly instructs the agent to WebFetch/WebSearch and clone public resources (channels 4-8: skills.sh, GitHub/MCP servers, official API docs, npm/PyPI) and to read/verify their source code, so the agent will ingest untrusted, user-generated third‑party web content that can influence tool choices and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's prerequisites and security-review steps explicitly instruct downloading and installing gitleaks from a GitHub release (e.g., wget https://github.com/gitleaks/gitleaks/releases/download/v8.21.2/gitleaks_8.21.2_linux_x64.tar.gz) which would fetch and install remote executable code during runtime and is treated as a required dependency for packaging, creating a high-confidence runtime code-execution risk.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 10, 2026, 03:59 AM
Issues: 2