repo-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and clones arbitrary public GitHub repositories (see SKILL.md Step 4.2 "git clone" of selected URLs and the theme-driven search that calls find-skills), and its scripts (scripts/qa.py, scripts/search.py, scripts/architecture.py, scripts/quality.py) read and interpret those repository files to generate analysis and actionable recommendations—meaning untrusted, user-generated third‑party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill installs and invokes an external skill at runtime via "/skill-manager install https://skills.sh/vercel-labs/skills/find-skills", which fetches and executes remote skill code and its results directly influence subsequent agent actions in the theme-driven search flow.