happycapy-skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly clones and reads public third‑party content from the anthropics/skills GitHub repository (see scripts/clone_skill.py and semantic_search.py), and then passes that untrusted repository code into LLM-driven workflows (see scripts/integrate_feature.py and scripts/auto_fix.py) which can modify files and drive further actions—so external, user-generated content can materially influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runtime performs a git clone of https://github.com/anthropics/skills.git (clone_skill.py) and then reads the fetched files which are injected into LLM prompts (integrate_feature.py, auto_fix.py), so that remote repository content directly controls prompts and is a required dependency.