skill-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 3 and Step 5 explicitly fetch SKILL.md files from arbitrary GitHub repositories via raw.githubusercontent.com and the agent is required to read and summarize those untrusted, user-authored files to guide recommendations and install actions, so third‑party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches remote SKILL.md files at runtime from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/{owner}/{repo}/main/skills/{skill}/SKILL.md), and also runs an npx command ("npx skills@latest") — the fetched SKILL.md is injected into the agent's analysis (controlling prompts) and npx executes remote code, so these are runtime external dependencies that can control prompts or execute code.