skill-creator

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). High-risk: the skill automates installing and launching external MCP packages (npx/uvx/docker), auto-modifies registry/settings/agent files, creates/clears guard state files to allow SKILL.md writes, and can delete or copy code—features that enable remote code execution and supply-chain injection even though there is no explicit exfiltration routine in the code shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's mandatory "Research Gate" requires fetching and parsing external content (e.g., Step 2A: searching https://github.com/VoltAgent/awesome-agent-skills and pulling raw SKILL.md via WebFetch or GitHub API, plus Exa/web searches and arXiv WebFetch calls) and then explicitly instructs the agent to extract patterns and incorporate findings into references and decision-making, so untrusted third‑party webpages and user-generated content are read and can materially influence tool use and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime fetches of external skill content that are injected into agent prompts (e.g., WebFetch({ url: 'https://raw.githubusercontent.com///main/skills//SKILL.md', prompt: 'Extract skill structure, workflow steps, patterns, and best practices' })), so this external URL is used at runtime to control prompts and is a required research dependency.