skill-share

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). skills.sh is an unknown third‑party site (not an official package registry) that can host installable "skills" and provide npx/installation instructions which may execute remote code or link to executables — no direct .exe links are shown but the workflow encourages running remote installers, so it poses a moderate-to-high risk without verification.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes public pages from https://skills.sh (Phase 2: "Fetch from https://skills.sh" and "Get full skill page" steps), ingests that untrusted, user‑generated page content into skill-source.md and downstream draft/installation/analysis workflows, and uses it to drive decisions and actions—creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches https://skills.sh/// at runtime to extract and inject skill page content into the agent's generation context, and (in the auto-install branch) runs runtime commands like "npx skills add <owner/repo> ..." which download and execute remote code, so these external URLs/repos directly influence prompts and can execute code.