skillshare
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and installs skills from public, user-authored sources (e.g., "user/repo", GitHub/GitLab/other hosts, full URLs), as documented in references/install.md and SKILL.md, and the provided scripts/run.sh even downloads releases from GitHub. Untrusted third-party skill content (SKILL.md, scripts, binaries) is therefore fetched and ingested as part of the install/sync workflow and can materially influence agent/tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The scripts/run.sh runner fetches and extracts a remote binary at runtime from GitHub (it calls https://api.github.com/repos/runkids/skillshare/releases/latest and downloads assets such as https://github.com/runkids/skillshare/releases/download/..., which are then executed), so the skill relies on and executes remote code fetched from those URLs.
Audit Metadata