skill-marketplace

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). This skill-spec enables automatic downloading and execution of third-party SKILLs from external sites (skillsmp.com/GitHub), which creates a high risk of remote code execution, supply-chain attacks, and data exfiltration (including potential credential access) despite some stated safety checks that are optional/heuristic and may be insufficient.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly searches and web-fetches content from the public Skills Marketplace (skillsmp.com), parses and downloads SKILL.md files and skill descriptions from that third‑party site, and then reads/installs/executes those skills—exposing the agent to untrusted, user-provided content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly searches and WebFetches content from https://skillsmp.com at runtime and downloads/installs SKILL.md files which are then executed as skills, meaning remote content from that URL can directly control agent prompts or execute code.