ce-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Step 7 and the scripts/check-health dependency list) explicitly instructs running install commands that fetch and install public GitHub-hosted agent skills and tools (e.g., "npx skills add https://github.com/..." and agent-browser install), which pulls untrusted third‑party code that can be executed by the agent and thus materially influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill’s install flow runs commands at runtime that fetch and install third‑party agent skills (e.g., "npx skills add https://github.com/vercel-labs/agent-browser --skill agent-browser -g -y" and "npx skills add ast-grep/agent-skill -g -y"), which will download and execute remote code and can directly control agent behavior, so these URLs are runtime-executed dependencies.