find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries and ingests listings from external skill registries (default https://skills.sh via get_skills_api_url/run_skills_find and also nacos:// backends via run_nacos_find and derive_nacos_connection) and then presents and executes install commands, so untrusted, user-provided registry entries can directly influence what the agent installs and does.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The script can fetch and execute remote code at runtime — e.g., run_nacos_cli runs "npx -y @nacos-group/cli" (which downloads and executes the package from the npm registry) and the tool interacts with the skills registry endpoints (https://skills.sh or nacos://market.hiclaw.io:80/public) and uses "skills add" to install skill packages that are fetched and may execute code.