hap-skills-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly clones and copies SKILL.md files from the public GitHub repository https://github.com/garfield-bb/hap-skills-collection (and installs an external MCP via npx), thereby ingesting user-controlled, public third‑party content that the agent is expected to read and use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git clone/pull of https://github.com/garfield-bb/hap-skills-collection.git at runtime and copies its SKILL.md files into the agent's skills directory, meaning remote repository content can directly control agent prompts/instructions.