skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs and relies on external package sources (e.g., "Run npx --yes skills add <owner/repo>" in commands/add.md and uses a finder backend such as find-skills per commands/find.md and commands/install.md), meaning the agent fetches and delegates to public, untrusted repos/search results and uses that metadata/results to decide installs and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes npx at runtime to fetch and execute remote packages (e.g., "npx skills add vercel-labs/find-skills" and "npx skills add <owner/repo>"), which downloads and runs external code during skill execution.