ecosystem-authoritative-sources

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents fetching and ingesting SKILL.md and other files from public repositories and marketplaces (e.g., "skill_content = read_file("my-skill/SKILL.md")" and npx skills / marketplace add from GitHub or remote URLs in references/azure-foundry-agents.md and npx-skills.md), which are untrusted user-generated sources and are passed directly into agent "instructions" or system prompts, so third‑party content can influence tool selection and agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime installation from GitHub (e.g., "npx skills add anthropics/skills" which maps to https://github.com/anthropics/skills), and those remote repositories contain SKILL.md and scripts that are fetched at runtime and injected/executed by the agent, so this is a runtime external dependency that can directly control prompts or execute code.