npx-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs using npx skills to discover and install skills from public sources (e.g., the skills.sh registry and GitHub/GitLab/direct URLs via "npx skills add "), and those installed SKILL.md and references are agent-readable instructions that would be loaded and could change agent behavior, so untrusted third-party content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly documents runtime installation of skills from external sources (e.g., https://github.com/owner/repo and the registry https://skills.sh/), and those fetched SKILL.md files are agent instructions that would be loaded at runtime and directly control agent prompts.