knowledge-patch-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly says the helper script "installs patch skills from the public Nevaberry/nevaberry-plugins repo" which means the skill pulls and installs code/assets from an open public third-party repo that can change agent behavior (skills/hooks), so untrusted content could indirectly inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The helper script is documented to install patch skills at runtime from the public Nevaberry/nevaberry-plugins repo (or an override via KP_PUBLIC_REPO/--public-repo), e.g. https://github.com/Nevaberry/nevaberry-plugins, which downloads and installs external skill code and hooks that can directly control agent prompts or execute code.