find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running "npx skills find [query]" and linking to https://skills.sh/ and GitHub packages (e.g., npx skills add owner/repo@skill), which causes the agent to fetch and interpret public, user-contributed skills from the open web and then act on them (install/use), exposing it to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs users (and therefore runtime actions) to install remote skills via npx (e.g., "npx skills add owner/repo@skill") which fetches and runs code from external repositories such as https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices and git-based packages (e.g., vercel-labs/agent-skills@vercel-react-best-practices and referenced commit https://github.com/clawdbot/skills/commit/57ec5c5408848b82d14b92987502e2050062a515), so external content would be fetched at runtime and can execute code or directly alter agent behavior.