my-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The find workflow (references/find-workflow.md) explicitly instructs the agent to search ClawHub and use commands like clawhub get <owner/repo@skill-name> and cat .../SKILL.md to download and read public repositories' SKILL.md files (community/third-party content), which the agent is required to interpret and use to make recommendations and actions—exposing it to untrusted, user-generated content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The find workflow explicitly runs runtime fetches like "clawhub get vercel-labs/agent-skills@github-pr-reviewer" (and references https://clawhub.com/...) to download SKILL.md files and then reads/injects those documents into the agent's analysis and instructions, so external repository content fetched at runtime can directly influence agent prompts/behavior.