alibabacloud-find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs aliyun agentexplorer search-skills and get-skill-content to fetch public AgentExplorer skill listings and full skill markdown (noting "community skills" in SKILL.md), which the agent reads and uses to decide installs/actions per the Core Workflow, so untrusted third-party content could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs installing/running remote packages (e.g., "npx skills add aliyun/alibabacloud-skills" and "npx @anthropic-ai/claude-code skills add https://github.com/aliyun/alibabacloud-skills"), which at runtime fetches and executes code from the GitHub/npm URL (https://github.com/aliyun/alibabacloud-skills), so the external content can directly control agent prompts or code execution.