skill-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and scripts clearly fetch and ingest public, user-contributed content—scripts/find_skills.py queries the public skills.sh API and scripts/add_skill.py downloads raw files from GitHub (raw.githubusercontent.com) including SKILL.md and code that are then registered and made available to the agent, so untrusted third-party content can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Yes — the add_skill.py script fetches skill files at runtime from GitHub raw URLs (e.g., https://raw.githubusercontent.com and via the GitHub API) and downloads SKILL.md and scripts which are then registered into Skill Compose and can directly control agent prompts/behavior.