update

Warn

Audited by Snyk on Feb 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly requires running "npx skills@latest add boshu2/agentops --all -g", which fetches and installs third-party skills from an external repo that the agent will load and execute, allowing untrusted user-provided code to influence agent behavior and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill runs the runtime command "npx skills@latest add boshu2/agentops --all -g", which fetches and executes remote npm package code (via the npm registry) that the workflow depends on and which could directly control agent behavior or run arbitrary code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs the agent to execute system-altering commands that reinstall software globally from a remote repo (modifying the machine's state and potentially requiring elevated permissions), so it should be flagged.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 08:55 PM