find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to search public skills ecosystems (Step 3: "查看 skills.sh leaderboard", "运行 npx skills find ") and to inspect GitHub/installation metadata (Steps 4–5), which requires fetching and interpreting untrusted, user-generated content from external repos that can influence installation and action decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime installation of third‑party code via commands like "npx skills add owner/repo@skill" (i.e., fetching an external git/npm package such as owner/repo) and references skills.sh, which would fetch and install remote code that can execute and control agent behavior.