vp-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using npx -y skills@1.5.3 add <repo> and to discover skills at https://skills.sh/, which requires fetching and installing skills from public repositories/websites (untrusted third‑party content) that the agent would read and install and thus could inject instructions affecting subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.85). The skill uses npx to fetch and install external skill repositories at runtime (e.g., vercel-labs/agent-skills which corresponds to https://github.com/vercel-labs/agent-skills), and those repositories provide SKILL.md files that directly define agent prompts/instructions—so remote content fetched during runtime can control the agent.