workflow-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and displays external, potentially user-generated content from the public site https://skills.sh/ (leaderboard and individual skill pages / SKILL.md) as part of its mandatory Skill Discovery and inspection steps, so the agent will read and interpret untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandates runtime fetching of https://skills.sh/ (and individual skill pages, e.g. https://skills.sh/owner/repo/skill-name) to load SKILL.md content that is injected into the agent's decision flow and used to choose required skills, so external content directly controls prompts at runtime.