skill-downloader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and installs skills from public GitHub repositories and arbitrary URLs (see scripts/download_from_github.py and scripts/download_from_archive.py) and explicitly reads/parses SKILL.md frontmatter from those untrusted, user-provided sources as part of its workflow, which can enable indirect prompt injection.