skill-repo

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content includes an automated license-migration script that intentionally replaces a detected GPL license with a newly created MIT license, removes the original LICENSE file, and force-updates package metadata to claim a different SPDX license (misrepresenting authorship/rights) — an explicit, potentially malicious/legal-abuse behavior; additionally the guidance to pre-authorize a Composer plugin and to depend on third‑party actions/plugins are supply-chain vectors that increase risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's installation and marketplace docs (SKILL.md, references/installation-methods.md, and references/marketplace-integration.md) explicitly describe installing or syncing skills from public GitHub releases, the Netresearch marketplace, and Packagist (cloning public repositories and ingesting their SKILL.md), meaning the agent will fetch and interpret untrusted, user-generated SKILL.md content that can change agent behavior.