find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs using the skulls CLI to search and install skills from public sources (e.g., "npx @juanibiapina/skulls find" and "npx @juanibiapina/skulls add owner/repo@skill") and links to skills.sh/GitHub, meaning the agent is expected to fetch and interpret content from open, user-provided third-party repositories and listings (untrusted) as part of its workflow.