installing-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The install script (scripts/install.sh) explicitly fetches repository listings from api.github.com and downloads SKILL.md files from raw.githubusercontent.com for the public repo github.com/oaustegard/claude-skills, so untrusted third-party SKILL.md content is ingested and can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). At runtime the installer script queries https://api.github.com/repos/oaustegard/claude-skills/contents and downloads SKILL.md files from https://raw.githubusercontent.com/oaustegard/claude-skills/main/{skill-name}/SKILL.md, writing them into /mnt/skills/user where those remote files can directly supply instructions that control agent behavior.