keychron-keyboards-hardware-design

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs cloning a public GitHub repo (https://github.com/Keychron/Keychron-Keyboards-Hardware-Design.git) and includes scripts (e.g., parse_step_header.py, find_model.py, inventory.py) that read and act on repository files and metadata, meaning untrusted, user-generated third-party content would be ingested and could influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs fetching and running repository code at runtime (git clone https://github.com/Keychron/Keychron-Keyboards-Hardware-Design.git followed by running Python scripts from that repo), which means remote content is fetched and then executed locally.