project-starter-skill
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to search and fetch community skills from open registries and repositories (see skill_search_template and the SKILL.md steps that run "npx skills find" and "npx skills add" pointing at GitHub/GitLab), which causes the agent to read untrusted, user/community-provided content from the public web.