ai-ready
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly tells the user to download and install an external SKILL.md from the public URL https://raw.githubusercontent.com/johnpapa/ai-ready/main/skills/ai-ready/SKILL.md into the agent's skills directory, which will be loaded and can change agent behavior, thus exposing the agent to untrusted third‑party content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs the user to download and install the remote skill file at https://raw.githubusercontent.com/johnpapa/ai-ready/main/skills/ai-ready/SKILL.md at runtime, and that fetched SKILL.md directly becomes the agent's instructions (a required runtime dependency).
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata