find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to search and inspect public skill listings and repositories (e.g., skills.sh leaderboard and GitHub via "npx skills find" / "npx skills add"), which involves fetching and interpreting untrusted, user-generated third-party content that can influence installation and follow-up actions.