find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using the Skills CLI (e.g., "npx skills find [query]"), browsing https://skills.sh/, and installing owner/repo skills (public GitHub repos), which fetches and ingests open/public third‑party content that the agent would read and could materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Commands such as "npx skills add acedergren/agentic-tools@orchestrate" (which fetches remote skill code from the Skills ecosystem / https://skills.sh/ and the referenced GitHub repo github.com/acedergren/agentic-tools) are executed at runtime to install skills that run code and can modify agent prompts/behavior, so this is a runtime external dependency that directly controls/executes remote code.