skill-distiller

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly searches and fetches public skills from skills.sh (see "Search" and "Fetch" steps) and then reads/analyzes the staged SKILL.md files to synthesize new skills, meaning arbitrary user-generated content from skills.sh is ingested and can directly influence subsequent actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The distiller explicitly fetches and stages external SKILL.md content from skills.sh at runtime (via the search/fetch/npx steps) and then parses that fetched content to generate the synthesized SKILL.md (i.e., the external content directly controls prompts/instructions), so https://skills.sh is a required runtime external dependency.