fuse-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to acquire and load remote skills via Tier 2 (e.g., "npx skills add <owner/repo>" in Core workflow step 3) and then "Load every source skill" (step 4) so the agent will fetch and interpret untrusted third‑party owner/repo skill content that can change its fusion decisions and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches remote packages at runtime (e.g., via "npx skills add <owner/repo> --skill " or a provided GitHub URL normalized to owner/repo) and then reads those fetched SKILL.md skill contents into the fusion process, meaning remote content would directly control agent instructions at runtime.