find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public SkillHub search and index results (e.g., SKILLHUB_SEARCH_URL "https://lightmake.site/api/v1/search" and SKILLHUB_PRIMARY_DOWNLOAD_URL_TEMPLATE/"https://lightmake.site/api/v1/download?slug={slug}" plus the SKILLHUB index URL) as part of its required workflow (see SKILL.md "1. 用户询问...先执行 search" and scripts/skillhub_tool.py functions like fetch_search_results, resolve_install_metadata, and install_skill_archive), so untrusted third‑party metadata and archives from the open web can directly drive installs and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The tool downloads and installs remote skill archives at runtime (e.g. https://lightmake.site/api/v1/download?slug={slug} and https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/skills/{slug}.zip, and the install kit https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/latest.tar.gz), extracts them into the workspace, and those bundles contain SKILL.md files that directly control agent prompts/instructions, so the fetched content can alter agent behavior.