skill-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md step 7 explicitly instructs using the remote repository URL (via git remote get-url origin) as "" and running "npx skills add " to fetch and install skills from that remote repo, meaning the agent will ingest arbitrary third-party repository content that can change installed skills and influence subsequent tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs using the repository URL returned by git remote get-url origin (e.g., git@github.com:org/repo.git or https://github.com/org/repo.git) as the for runtime npx skills add, which fetches remote skill files (including agents/openai.yaml and prompts) and therefore can directly control agent prompts or cause execution of remote code.