skill-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's search_skills can return cloud community hits that are auto-imported with a local_path and explicitly instructs the agent to "read SKILL.md at local_path, follow the instructions," meaning untrusted third-party (community) skill content is fetched and read and can directly influence the agent's actions.