skill-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and installs skills from arbitrary network sources (git repo URLs, zip URLs, raw SKILL.md URLs and other URLs), so the agent would read and act on untrusted, user-provided third-party content.