skill-checker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). scripts/check-skill.sh explicitly invokes uvx to load and run the skills-ref validator from the public GitHub URL (git+https://github.com/agentskills/agentskills.git#subdirectory=skills-ref), which causes the agent to fetch and execute/analyze third‑party repository content that can materially influence validation outputs and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The check-skill.sh script fetches and executes remote validator code at runtime (e.g., uvx --from "git+https://github.com/agentskills/agentskills.git#subdirectory=skills-ref", go install github.com/microsoft/waza/... and github.com/agent-ecosystem/skill-validator/..., and npx --yes skill-check@latest), which downloads and runs external code that the script relies on to perform its validations.