skill-curator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly tells the agent to discover and read SKILL.md files from target GitHub repositories/URLs (see "Research & Discovery" and the Example input referencing https://github.com/example/agent-skills), which are public third-party, user-generated sources that the agent must parse and act on to update the catalog, allowing untrusted content to influence behavior.