skill-suggest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required Execution Flow Step 3 performs HTTP GET requests to the public https://skills.sh/api/search endpoint (Search skills.sh API), ingesting untrusted, user-contributed skill metadata which the agent reads and uses to decide and perform installations, so third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to https://skills.sh/api/search?q={query}&limit=6 and (unless run with --dry-run) will execute "npx skills add --skill " to fetch and install remote skills (e.g., sources like vercel-labs/agent-skills → https://github.com/vercel-labs/agent-skills), which causes fetching and execution of external code that can change agent behavior.