skillsmp-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Python client (scripts/skillsmp_api.py) makes requests to public endpoints (https://skillsmp.com/api/v1/skills/search and /api/v1/skills/ai-search) to retrieve community-built skill listings (user-generated/untrusted content) and directly parses/prints the JSON results, so the agent ingests and interprets third-party content.