stablecoin-risk-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required pre-flight version check (SKILL.md) fetches plugin.yaml from raw.githubusercontent.com and the skill can also call the public api.barker.money API — both are open, untrusted public sources whose responses are ingested by the agent and can trigger updates or influence subsequent actions (e.g., running updates), creating a clear path for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight runtime uses curl to fetch version data from https://raw.githubusercontent.com/okx/plugin-store/main/skills/stablecoin-risk-check/plugin.yaml and, if outdated, can run an npx install (npx skills add ...) which performs remote package retrieval and executes code, so the fetched URL is used at runtime and can lead to executing remote code.