skillsmp-search

Warn

Audited by Snyk on Apr 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly queries the public SkillsMP API (https://skillsmp.com/api/v1/skills) and directs the agent to fetch and read SKILL.md files from candidate GitHub raw URLs (transforming them to raw.githubusercontent.com and using curl). This is community-authored, user-generated content that the agent reads and uses to score, choose, and install skills, so untrusted third-party content can directly influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The Install flow explicitly transforms GitHub URLs into raw.githubusercontent.com URLs (e.g., github.com/... → raw.githubusercontent.com/...) and runs curl -s "RAW_URL" at runtime to download SKILL.md, which is then loaded as agent instructions. raw.githubusercontent.com and the referenced GitHub repo URLs are therefore runtime-fetched content that directly controls prompts.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 25, 2026, 08:11 PM
  • Issues: 2