install-bensz-skills

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). These are personal GitHub repositories (not official vendor sources) and the skill explicitly instructs downloading and executing install scripts from them without verification or safeguards, which makes them potentially unsafe and able to distribute malicious code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's installer explicitly downloads and clones public GitHub repositories listed in config.yaml (see remote_sources) via scripts/install.py->_download_remote_source, then reads SKILL.md and other files (e.g., in _compare_remote_skills and _install_remote_skills) and may install/activate those skills—meaning untrusted, user-provided repository content is fetched and can directly change available tools and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installer explicitly clones remote GitHub repositories at runtime (e.g. https://github.com/huangwb8/skills, https://github.com/huangwb8/ChineseResearchLaTeX, https://github.com/anthropics/skills) and then copies their skill directories (including SKILL.md) into user skill directories—these fetched files can contain prompt templates or agent instructions that will be loaded and used by agents, so the URLs are runtime-used sources that directly control agent prompts.