skill-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and installs third-party skills from the public skills.sh ecosystem (via commands like "alma skill search" and "alma skill install <user/repo>"), and the agent is expected to read and act on those installed skills' SKILL.md instructions (user-generated content) which can change tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent to run runtime installs from the skills.sh ecosystem via commands like "alma skill install <user/repo>" (e.g., openclaw/weather), which fetch remote SKILL.md repository content that directly controls agent prompts/instructions, so this is a required runtime external dependency.