manage-my-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill workflow explicitly clones/pulls and installs from the public GitHub repo https://github.com/Derek-X-Wang/skills and reads SKILL.md and references/ files from that repository, so it ingests external, user-authored content that can change installs and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones/installs from the remote repository https://github.com/Derek-X-Wang/skills (via git clone and npx skills add) at runtime, and the fetched SKILL.md skill definitions are installed into agents and therefore directly control agent prompts/instructions.