skills-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs installing and discovering community skills from public sources (references/finding-skills.md: "npx skills find", "skillsmp.com", GitHub/npm install steps) and the skill-manager's install command delegates to npx to pull repos, while references/agent-skills-spec.md and conventions state that agents read SKILL.md and reference agent prompts from installed skills — meaning untrusted SKILL.md and reference files fetched from GitHub/npm/marketplaces can be read and acted on by the agent and thus could inject instructions indirectly.