skillshare-cli-e2e-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly runs installer scripts that auto-install mdproof from a GitHub release (Phase 0 ensure-mdproof.sh) and documents running/validating ss install <repo> (and other commands that fetch/install from arbitrary GitHub URLs) so the skill fetches and executes untrusted, user-hosted third-party content which can materially affect execution and subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs /workspace/.devcontainer/ensure-mdproof.sh which "auto-installs from GitHub release" (i.e. fetching from https://github.com or example installer URLs like https://github.com/user/repo) at runtime to install/execute the mdproof binary that the skill requires to run and validate runbooks, so a remote GitHub-hosted artifact is fetched and executed as a required dependency.