skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md "Prior Art Research" workflow explicitly instructs the agent to WebFetch/WebSearch public sites (e.g., skills.sh, GitHub, npm/PyPI, official API docs) as required steps, meaning the agent will fetch and read untrusted, user-generated public web content that can materially influence tool choices and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The SKILL.md explicitly recommends fetching and installing gitleaks from https://github.com/gitleaks/gitleaks/releases/download/v8.21.2/gitleaks_8.21.2_linux_x64.tar.gz (wget + extract + move) as a blocking dependency for the security scan/packaging step, which downloads and installs an external executable that will be run locally—i.e., remote code fetched and executed as part of the workflow.