create-skill-from-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly clones and ingests arbitrary external repositories (Step 1: git submodule add <repo-url> / git clone --depth 1 <repo-url> into sources/<submodule>) and then scans README.md, docs/, wiki/, etc. to generate agent-facing references, so it consumes untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly clones a user-supplied repository URL at runtime (the placeholder "" via git clone/git submodule) and then ingests that repo's documentation into agent-facing reference files, meaning remote content can directly shape agent prompts/instructions—so the user-supplied repo URL is a runtime dependency that can control the agent.