orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The repository repeatedly requires agents to run the "find-skills" / "skill-creator" flow and to discover/install skills from the public skills registry (e.g., https://skills.sh and explicit links like https://skills.sh/vercel-labs/skills/find-skills) — a clear instruction to fetch and act on untrusted, user-published SKILL.md and packages that can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The repository instructs agents to run npx skills add to fetch/install base skills from skills.sh (e.g. https://skills.sh/vercel-labs/skills/find-skills and https://skills.sh/anthropics/skills/skill-creator), which are retrieved at runtime and supply SKILL.md content that directly guides agent prompts/behavior and can include executable installation code—constituting a runtime external dependency that controls the agent.