skill-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly searches and installs skills from the public skills.sh ecosystem and arbitrary user/repos (e.g., "alma skill install <user/repo>" and "alma skill search"), meaning the agent will fetch and read untrusted third‑party SKILL.md and code which could contain injected instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly installs third‑party skills at runtime via the skills.sh ecosystem (e.g., alma skill install openclaw/weather which pulls content from https://skills.sh/<user/repo>), and those fetched SKILL.md files provide instructions that directly control the agent’s behavior, so this is a runtime external dependency that can inject prompts/execute code.