aif

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly installs and reads external community skills from skills.sh (using "npx skills install ") and instructs the agent to pass and study arbitrary documentation URLs in "Learn Mode" and to read SKILL.md/supporting files of installed external skills for semantic review, so untrusted third‑party content is ingested and can influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly instructs installing and loading external skills from https://skills.sh at runtime (and to pass arbitrary documentation URLs into the skill-generator), so remote content fetched from that site or supplied URLs can directly influence generated prompts or contain executable code and is relied upon as part of the setup process.