obul-api-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's scripts (search.js, list.js, preview.js, fetch.js, install.js and install.sh) fetch and parse public files from raw.githubusercontent.com/obulai/obul-apis (APIS_JSON_URL and SKILL_URL_BASE), and the agent explicitly reads and uses SKILL.md and apis.json contents (e.g., extracting "When to Use", search results, and installation/usage decisions), so untrusted public repo content can influence tool selection and next actions.