installing-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The install script (scripts/install.sh) explicitly fetches SKILL.md files from the public GitHub repository via api.github.com and raw.githubusercontent.com (github.com/oaustegard/claude-skills) and installs them as runtime skills, so arbitrary third‑party SKILL.md content can be read and directly influence the agent's subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install script runs at runtime and fetches skill definitions from https://raw.githubusercontent.com/oaustegard/claude-skills/main/... (and lists the repo via https://api.github.com/repos/oaustegard/claude-skills/contents), and those downloaded SKILL.md files are installed as available skills that can directly control agent prompts/instructions.