@554/skill-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill installer workflow explicitly fetches and installs community skills from the public Starchild Marketplace (https://skills-market-gateway.fly.dev) and from SkillsMP/GitHub (raw SKILL.md and bundle.zip), writing and loading arbitrary third-party files into the agent's runtime (via skill_refresh), which lets untrusted, user-generated content materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installer fetches and installs skill bundles at runtime from https://skills-market-gateway.fly.dev (and via GitHub repo URLs/raw GitHub content used by "npx skills add " or manual raw SKILL.md fetch), writing those files into the local skills directory and calling skill_refresh() so remote content can directly change the agent's instructions/behavior.