find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs fetching and installing skills from external "repo/source" using commands like npx playbooks add skill <source> (and listing/installing skills from those sources), which means the agent will ingest and act on untrusted third‑party repository content that can alter behavior and thus could enable indirect prompt injection.