warden-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and executes remote skills from arbitrary GitHub repositories (see the "Remote Skills" section and the warden.toml remote = "owner/repo@sha" / warden add --remote ... examples), so untrusted third‑party skill content is ingested and can directly influence agent/tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly supports fetching remote skills from GitHub (e.g., the repo reference "getsentry/skills" or "owner/repo@sha" used via commands like warden add --remote getsentry/skills --skill security-review and remote = "getsentry/skills@abc123"), and those remote SKILL.md files are retrieved at runtime and directly provide the agent's instructions, so this is a runtime external dependency that controls prompts.