wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and ingest arbitrary remote repositories (e.g., "URL이면 git clone <url> 후 진행" in Mode B and wikiRemote/source-repos entries in templates), meaning untrusted third‑party repo content would be read and used to drive extraction, SKILL.md updates, and commits/pushes — enabling indirect prompt-injection via repo content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime fetches (e.g., git clone , git remote add ) and instructs installing remote skills such as the example repo https://github.com// / via npx skills add /, meaning remote repository content (including SKILL.md) would be fetched at runtime and can directly control agent prompts/behavior and is required for the skill to function.