discover-a-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to install and read skills from arbitrary public sources (e.g., "owner/repo", "https://github.com/owner/repo", "gh:owner/repo" in the "Source Formats You Should Use" section) and to read the installed SKILL.md, which are untrusted, user-controlled third‑party contents that can change commands and agent behavior.