guardskills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly describes fetching and scanning public GitHub repositories and ClawHub URLs (e.g., "npx guardskills add https://github.com/owner/repo" and "npx guardskills scan-clawhub owner/skill-slug"), meaning the agent ingests untrusted, user-generated third-party repository content and uses it to drive install decisions, which could enable indirect prompt-injection.