daily-news-caster

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Both links are to public GitHub repositories (not inherently malicious) but they come from unvetted individual accounts and the skill explicitly instructs using npx to install remote code and running downloaded .py/.sh scripts — actions that can execute arbitrary code and therefore could be used to distribute malware unless the repositories and scripts are manually reviewed and executed only in a safe sandbox.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs the news-aggregator-skill's fetch_news.py (e.g., fetching from public sources like "hackernews", "github", or "all") and instructs the agent to read and rewrite that fetched, untrusted public/user-generated news into a podcast script, so third-party content is ingested and can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs npx to fetch and install code from https://github.com/cclank/news-aggregator-skill and https://github.com/noizai/skills at runtime and then instructs running a fetched script (fetch_news.py), so external repository content is fetched during execution and is used/run to control the agent's behavior.