skill-finder-cn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly requires querying the public PostPlus skills repository (e.g., via npx -y skills add PostPlusAI/postplus-skills --list and postplus list) as the source of truth and to confirm released skill ids, meaning the agent ingests public repository content that can influence which skills/actions it chooses.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Source of Truth tells users to run commands like "npx -y skills add PostPlusAI/postplus-skills --full-depth ..." (and also references installing @postplus/cli), which will fetch and execute remote package code from the public PostPlus repository at runtime and the skill relies on that external package to list/install skills.