skill-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and downloads community SKILL.md files and search results from public third‑party sources (e.g., raw.githubusercontent.com via download_skill, GitHub API searches, and skills.sh / npx skills find) and then reads and adapts that content as part of installing and enabling Skills, so untrusted user-generated webpages can influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime code that queries the GitHub API (e.g. https://api.github.com/search/code?q=... ) and downloads SKILL.md from raw GitHub URLs (e.g. https://raw.githubusercontent.com/{repo}/main/{skill_path}); the fetched SKILL.md is then adapted and registered so it directly controls agent behavior/instructions at runtime.