cli-anything-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's index.html JavaScript explicitly fetches public registry data from raw.githubusercontent.com and hkuds.github.io (REGISTRY_URLS / DATES_URLS) and the SKILL.md workflow tells agents to read registry.json and the referenced SKILL.md/install commands, meaning untrusted publicly-editable registry entries can directly influence which CLIs are installed and what actions the agent takes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The page's runtime JS fetches external registry JSON from https://raw.githubusercontent.com/HKUDS/CLI-Anything/main/registry.json (and related dates from https://hkuds.github.io/CLI-Anything/registry-dates.json), and that fetched data contains install_cmd fields (e.g., pip install git+https://github.com/...) and SKILL links which directly drive agent instructions and can cause remote code to be fetched/installed, so it meets the criteria for a runtime external dependency controlling prompts/remote execution.