install-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow (SKILL.md) instructs using the skills CLI to add/install skills from arbitrary external sources (e.g., "npx ... skills@latest add " and owner/repo# or patinaproject/skills), which fetches and ingests untrusted third-party skill packages whose contents can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The install commands run at runtime (e.g., npm_config_ignore_scripts=true npx --yes skills@latest and sources like owner/repo or patinaproject/skills or owner/repo#) fetch and execute remote package/repository code to install skills, so those external sources (skills@latest and referenced git repos) can directly execute code and control installed agent behavior.