sglang-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and updates a public GitHub repository (via update-sglang.sh / the recommended bash update-repos.sh sglang which clones https://github.com/sgl-project/sglang.git into repos/sglang) and instructs the agent to read and grep those repo files as part of its workflow, so untrusted third-party code/docs could materially influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The included update script (update-sglang.sh) fetches/clones code at runtime from https://github.com/sgl-project/sglang.git, and that repository’s code is intended to be run locally (e.g., python -m sglang.launch_server), so remote content can execute code on the host.