publish-to-marketplaces

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly instructs submitting public GitHub repo URLs to agentskill.sh and running "npx skills add" which clones and renders SKILL.md from public GitHub/skills.sh (third‑party, user-generated) content, meaning untrusted pages/files will be fetched and their contents can influence installation and agent-related actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires submitting or cloning a GitHub repo URL (e.g. https://github.com/owner/repo) — agentskill.sh's "Analyze & Import" and npx skills add fetch the repo at runtime to load the SKILL.md which directly controls the agent's prompts/instructions, so this external content is a required runtime dependency.