skill-find

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly searches and fetches public GitHub skill directories (via web_search and skill_install_github) and reads SKILL.md and installed_files from those user-generated repositories, so untrusted third-party content on GitHub could influence which skills are loaded and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly calls skill_install_github with GitHub repository URLs (e.g., https://github.com/… or git@github.com:org/repo.git) at runtime to install and load third‑party SKILL.md and code, which can directly control agent prompts or execute remote code and is required for the skill to operate.