search-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public, user-generated sources—GitHub repositories (e.g., github.com/anthropics/skills, github.com/ComposioHQ/awesome-claude-skills), skills.sh, and the aggregator skillsmp.com—and parses SKILL.md/README content as part of its search workflow, which exposes the agent to untrusted third-party content that could contain indirect prompt injections.