skill-forge-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly accepts a URL to a GitHub repository and "Read[s] all .md files, scripts, and asset files" (Step 1), so it ingests untrusted, user-generated third‑party content from public repos that the agent must interpret and which can materially influence its audit actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly accepts a GitHub repository URL as runtime input and states it will "read all .md files, scripts, and asset files" and run repository scripts (e.g., "python scripts/validate_skill.py "), so arbitrary remote repo content (e.g., a GitHub URL like https://github.com/...) can be fetched at runtime and used to control prompts or execute code.