find-skills

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). skills.sh is an unrecognized third‑party site and the workflow recommends installing packages via npx (which can execute arbitrary package install scripts or downloaded code), so it could be used to distribute malware if the packages or site are malicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to browse a public catalog (https://skills.sh) and run npx skills find / npx skills add <owner/repo>, which fetches and installs content from public repositories and registries, exposing the agent to untrusted third-party/user-generated content that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running npx to install packages (e.g., "npx skills add owner/repo@skill") which at runtime fetches and executes remote repository code (e.g., https://github.com//), and that fetched code can directly control agent prompts or execute arbitrary code.