molten-skill-manage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The required workflow uses npx skills add <repo-or-URL> to install a skill package from an external GitHub repo/URL, and that repo’s README/body text can be ingested by the agent at runtime as free-form content (outsider-authored prompt injection risk via fetched package documentation).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The document instructs installing skill packages from remote GitHub repos/URLs at runtime (e.g., "npx skills add switch-dimension/molten-os-core" which pulls the GitHub repo switch-dimension/molten-os-core), so external code/content fetched during install/run can execute and directly control agent behavior.