moldable

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly lets the agent add and sync external skill repositories (see references/skills-mcps.md — addSkillRepo/syncSkills which download public repos like "anthropic/skills" into ~/.moldable/shared/skills/), so untrusted, user-generated repo content (SKILL.md and executable skill files) is ingested and can change the agent's tools/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes runtime tools (addSkillRepo / syncSkills) that fetch git repositories (e.g., "anthropic/skills") into ~/.moldable/shared/skills/ and those repos can contain SKILL.md files that directly influence agent prompts and bin/ executables that run code, so remote git URLs used at runtime can control prompts or execute code.