auto-requirement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3 and Phase 6 instructions explicitly require autonomously running "npx skills find ..." and "read the top-ranked skills' content (fetch from skills.sh)" so the agent will fetch and ingest untrusted, third‑party skill pages and use their content to influence agent decisions and next actions (see SKILL.md "Skills discovery" and the Domain Expert Spawn Protocol).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running "npx skills find" and to "read the top-ranked skills' content (fetch from skills.sh)" at runtime, meaning content from https://skills.sh would be fetched and injected into agent prompts and could directly control agent instructions.