skill-security-auditor

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These are high-risk: the two GitHub repo URLs are unvetted user repositories that can host malicious code or installers, and the third URL (evil.com/collect) is an explicit-looking exfiltration endpoint — together they represent a suspicious download/execution source.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and audits arbitrary git repositories (see clone_repo and the Quick Start "audit a skill from a git repo" flow) and reads SKILL.md, reference .md files, and code from those untrusted public repos as part of its scanning, so third‑party repo content can directly influence the auditor's PASS/WARN/FAIL decisions.