skill-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The installer scripts (scripts/install-skill-from-github.py and scripts/list-curated-skills.py) explicitly fetch and download content from public GitHub URLs (via github_utils.github_request/urllib) and copy SKILL.md and code into ~/.ai-skills, meaning untrusted, user-generated repository content can be ingested and thereby alter agent behavior or subsequent tool use.