find-best-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches remote SKILL.md files from user-provided URLs (Phase 1 — Path B: WebFetch of GitHub raw URLs and other URLs) and then reads and injects those fetched skill bodies into subagent prompts to drive behavior (Phase 3), so untrusted third‑party content can directly control agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches SKILL.md from GitHub (e.g., https://raw.githubusercontent.com////SKILL.md or a repo URL like https://github.com///tree/main/skills/my-skill) at runtime via WebFetch and then injects the fetched markdown body as the full instructions passed to subagents, meaning remote content can directly control agent prompts.