skill-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to sweep public registries and GitHub (Tier 1–4, including GitHub topic search and resolving entries from sites like agent-skills.cc) and to read/interpret candidate SKILL.md files and repo metadata as mandatory steps (rubric, waxa audit, apm install, and waxa eval), which clearly ingests untrusted, user-generated third‑party content that can materially change install/evaluation actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime workflow requires fetching and installing external skill repositories (e.g., apm install anthropics/skills/skills/ which maps to https://github.com/anthropics/skills) and running tooling that pulls and executes remote packages/scripts (e.g., npx @mizchi/waxa and the curl of https://raw.githubusercontent.com/VoltAgent/awesome-agent-skills/main/README.md), and those fetched SKILL.md files, npm packages or scripts can directly control agent prompts or execute code — therefore they are a runtime external dependency with direct control.