skill-importer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The importer (scripts/import_skills.py) clones and copies skill directories from public GitHub URLs listed in assets/skill-sources.yaml, thereby fetching and ingesting arbitrary user-generated content from the open web (GitHub) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The import_skills.py script clones GitHub tree URLs at runtime (e.g., https://github.com/kehwar/frappe/tree/custom/.github/skills/doctype-schema-expert) and copies SKILL.md and related skill files into the local skills directory, so fetched remote content can directly supply prompts/instructions that control agent behavior.