skill-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly searches and clones public GitHub repos and visits SkillsMP (using mcp__github__search_repositories, mcp__github__get_file_contents, a browser plugin, and git clone) and reads SKILL.md files from those untrusted, user-generated sources to decide which skills to install, so third-party content can influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs git clone of arbitrary repositories at runtime (git clone {repo_url}) and fetches SKILL.md via GitHub APIs and the SkillsMP site (e.g., https://github.com/... and https://skillsmp.com), so remote repository content fetched during execution can directly control agent prompts/instructions and is required for installation.