skill-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Scenario B explicitly accepts a user-provided GitHub URL and instructs the agent to fetch the repository's name and description from that public third-party source (SKILL.md), so untrusted, user-generated content from GitHub can be read and influence registration behavior.