skillshare

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and installs arbitrary public repos/URLs (references/install.md: "skillshare install user/repo" and support for GitHub/GitLab/HTTPS/SSH) and can sync third-party "extras" such as rules/commands/prompts into target AI tool directories (references/sync.md "sync extras"), plus the runner script downloads releases via the GitHub API/raw.githubusercontent.com (scripts/run.sh), meaning untrusted, user-generated content is ingested and can materially alter agent/tool behavior (and audit gates can be bypassed with --skip-audit/--force).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included runner script (scripts/run.sh) performs runtime network fetches and installs a remote binary (it queries https://api.github.com/repos/runkids/skillshare/releases/latest and then downloads/executes the release tarball from URLs like https://github.com/runkids/skillshare/releases/download/${LATEST}/skillshare_${VERSION}_${OS}_${ARCH}.tar.gz), which clearly fetches and executes remote code at runtime.