find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the agent to browse and use public sources (e.g., https://skills.sh and running "npx skills find" / "npx skills add <owner/repo>" from GitHub or "other sources") to discover and install third‑party skills, meaning the agent will fetch and act on untrusted public repository/web content that can materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running the Skills CLI (e.g., "npx skills add owner/repo@skill") and points to the skills registry and GitHub packages (e.g., https://skills.sh/ and vercel-labs/agent-skills), which at runtime will download and install remote code that can execute and alter agent behavior.