kehwar-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs installing and syncing skills from arbitrary GitHub repositories (e.g., "npx skills add <owner/repo>" and "git clone "), which causes the agent to fetch and load untrusted third‑party code/content into ~/.agents/ that can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill explicitly instructs runtime fetching and installation of external skill repositories (e.g., via "npx skills add <owner/repo>" and "git clone ") which will pull and install remote code used by agents—see the skills CLI link https://github.com/vercel-labs/skills—so external content fetched at runtime can execute code and control agent behavior.