skillsmp-search
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Yes. The skill queries the public SkillsMP API and downloads community SKILL.md files from GitHub/raw URLs: see the "Search" API base, the "Compare to find best" step ("Fetch & evaluate: Download SKILL.md"), and the "Install" step, which transforms and fetches RAW_URL. These files are user-generated, untrusted third-party content that the agent is required to read and use to decide on, evaluate and install skills, which enables indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The Install flow explicitly transforms github.com/... URLs into raw.githubusercontent.com/.../SKILL.md and runs curl to fetch that SKILL.md at runtime (e.g., raw.githubusercontent.com/... and github.com/...). This injects remote SKILL.md content that directly controls agent prompts/instructions, and that content is required for installation.
Audit Metadata