synthesize-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (Steps 4 and 4a in SKILL.md) explicitly runs remote research and downloads public third‑party skills via scripts/skill-dl (npx/Serper/git clone) and requires the agent to read those downloaded SKILL.md and reference files to build a comparison and drive synthesis, so untrusted user‑generated web content can directly influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes runtime download/install commands (e.g., git clone https://github.com/owner/repo.git and bash scripts/skill-dl https://playbooks.com/skills/owner/repo/skill-name) that are intended to be run during the "full research" path and which fetch SKILL.md and reference files that will be loaded as agent instructions (i.e., remotely fetched content can directly control prompts/behavior), so this is a high-confidence runtime dependency risk.