skill-security-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill explicitly ingests and scans SKILL.md and other files from untrusted skill directories / git repositories (see "Evaluating a skill from an untrusted source" and the CI step that audits changed skills), so it reads user-generated third‑party content that can influence verdicts or subsequent actions and thereby enable indirect prompt injection if not properly sandboxed.