tooluniverse-install-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly clones and installs skills from the public GitHub repository https://github.com/mims-harvard/ToolUniverse.git (Installation section), thereby ingesting untrusted, user-generated third-party code that the agent will load and can materially change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runtime runs a git clone of https://github.com/mims-harvard/ToolUniverse.git to fetch SKILL.md skill definitions that are then installed into the agent and can directly control prompts/instructions, so the external repo is a runtime dependency that injects agent behavior.