install

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (step 4 "スキルのインストール") runs npx skills add <source> --skill <name> using source values from the manifest, which causes the agent to fetch and install code from external package repositories (public third‑party sources) that can influence future tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs commands that fetch and execute remote packages at runtime via "npx skills add --skill -y" (e.g., source "myuon/agent-skills"), so external content from the manifest-controlled would be downloaded and executed and can directly change agent behavior.