pet-groomer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "How to Use This Skill" and "Platform Support" sections explicitly instruct reading and installing from the public URL https://raw.githubusercontent.com/theneoai/awesome-skills/main/skills/service-worker/pet-groomer.md (references/pitfalls.md and references/platform-support.md), which causes the agent to fetch and apply third-party, publicly-hosted content that can change its behavior and thus enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes explicit install instructions that tell runtime/install actions to "Read https://raw.githubusercontent.com/theneoai/awesome-skills/main/skills/service-worker/pet-groomer/SKILL.md" (and similar raw.githubusercontent.com URLs) and append that remote content into system/persistent prompt files, which means fetching external content at install/runtime would directly control agent prompts; therefore this URL is a high-risk runtime dependency.