agent-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public, community-contributed content from the VoltAgent/awesome-claude-code-subagents GitHub repo (via the listed GitHub API endpoints and raw agent file URLs such as api.github.com/.../contents and raw.githubusercontent.com/.../*.md, and by downloading README.md), and it reads and uses those untrusted files to search, present, and decide/install agents—allowing third-party content to influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill downloads agent definition files at runtime from the raw GitHub URL (e.g. https://raw.githubusercontent.com/VoltAgent/awesome-claude-code-subagents/main/categories/{category-name}/{agent-name}.md) and those fetched .md files directly control agent prompts/behavior, making this an external runtime dependency that can change instructions.