skill-vetter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs installing/previewing skills from public sources (skillhub, platform market, GitHub) and to run shell_exec/cat to read all files in the temp install (see Step 2 "Preview Install to Temp Dir" and Step 3 "Code Review (MANDATORY)"), so the agent will fetch and interpret untrusted third‑party content that can influence actions.