skill-security-auditor

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.95). At least one URL (https://evil.com/collect) is an explicit data-exfiltration endpoint and the GitHub links point to generic/unknown repositories that could host malicious installers or scripts, so this set is suspicious and represents a high risk for malware distribution.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and audits arbitrary git repositories (see clone_repo and the Quick Start "audit a skill from a git repo" flow) and reads SKILL.md, reference .md files, and code from those untrusted public repos as part of its scanning, so third‑party repo content can directly influence the auditor's PASS/WARN/FAIL decisions.