trending-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and parses public pages from skills.sh (src/skills_fetcher.py loads SKILLS_TRENDING_URL https://skills.sh/trending via Playwright and src/detail_fetcher.py requests skill pages from SKILLS_BASE_URL/owner/name), and then ingests HTML and extracted "when to use"/rules for AI summaries — exposing the agent to untrusted, user-provided web content that could carry indirect prompt injection.