build-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's mandatory "full research path" (SKILL.md steps 4 and 4a) and bundled scripts (scripts/skill-dl) explicitly search, download (git clone), and instruct the agent to read remote skills and web search results (npx skills find, optional Serper/Google layering), so untrusted third‑party SKILL.md and repo content are fetched and interpreted to drive comparison and synthesis decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime download behavior (scripts/skill-dl / skill-research.sh) that uses git clone --depth 1 to fetch remote repositories (e.g., the install/reference to yigitkonur/skills-by-yigitkonur/skills/build-skill) and then reads those SKILL.md/reference files into the agent context, which means externally hosted repo content fetched at runtime can directly control prompts/instructions.