install-shared-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and the scripts tools/install_skill.js / tools/install_shared_skill.js run the command "clawhub install <skill_name> --workdir ./", which fetches and installs arbitrarily-named third-party skills (untrusted, user-published packages) into the shared skills directory that agents can load and which can therefore inject instructions affecting agent behavior.