workflows-install

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The runtime path uses npx skills add zapier/agent-skills ..., which fetches and installs skill content from the public zapier/agent-skills GitHub repo (outsider-authored free text/code) and then makes it LLM-readable as skill instructions in the agent context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The instructions explicitly fetch and install remote executable code at runtime — e.g., "npm install -g @zapier/zapier-sdk-cli@latest" (installs a remote CLI package) and "npx skills add zapier/agent-skills" (pulls the zapier/agent-skills repo to install companion skills) — which will execute remote code and provide skill logic that controls agent behavior.