skill-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs npx skills find / npx skills add against the public community repository (e.g., https://skills.sh and GitHub owner/repo URLs) and then reads/verifies installed SKILL.md files, meaning it fetches and ingests untrusted, user-generated third-party skill content that can change the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs npx commands that fetch/install external skill repositories at runtime (e.g., via owner/repo or full URLs like https://github.com/vercel-labs/agent-skills and references to https://skills.sh/), and those fetched SKILL.md files directly control agent prompts/instructions, so remote content can change agent behavior.