discover-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "行为/发现" section explicitly says the skill will search external public directories (e.g., "SkillsMP") when the user requests external options, meaning the agent will fetch and interpret third‑party skill metadata (name/description/tags) to drive recommendations and install decisions, which could enable indirect prompt injection.