skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires running the Research Gate and uses Exa/WebFetch and arXiv searches and GitHub/MCP conversion/install flows (see SKILL.md Step 2 and docs/research-gate.md and docs/enterprise-bundle.md), so the agent will fetch and interpret public third‑party content (web pages, arXiv results, GitHub repos/MCP servers) that can materially influence tool selection, MCP registration, and subsequent actions—exposing it to indirect prompt-injection from untrusted sources.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime install/convert flows that fetch and run code from GitHub (e.g., https://github.com/owner/claude-skill-name and https://github.com/owner/mcp-server) and MCP registration examples that call npx/docker to execute external packages, which are runtime fetches that can execute remote code.