skill-add

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md explicitly instructs the agent to use "docs-seeker" and "Explore" subagents to fetch and explore arbitrary URLs (including GitHub) and to summarize/report back, which requires ingesting untrusted public web/user-generated content (e.g., documentation pages and repo contents) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and explore external documentation and to install/use repomix at runtime (see https://repomix.com/guide/installation and https://repomix.com/guide/usage), which can result in installing/executing remote code and importing external repo/docs content that would be injected into the agent context and could directly control prompts.