wp-add-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's workflow explicitly clones and installs the public GitHub repository https://github.com/WordPress/agent-skills (see SKILL.md clone/install steps), causing the agent to ingest and run untrusted third-party code that can influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs a runtime git clone of https://github.com/WordPress/agent-skills and then runs repository scripts (node skillpack-build.mjs and node skillpack-install.mjs), which means it fetches remote code at runtime and executes it as a required dependency.