skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and process public, user-generated content (e.g., use of WebFetch for docs URLs and examples/commands that call the GitHub API and GitHub CLI such as fetch('https://api.github.com/repos/owner/repo'), gh pr view, gh pr diff) — which are open third‑party sources that could contain untrusted text capable of indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included script scripts/skills-ref.sh runs uvx with git+https://github.com/agentskills/agentskills.git#subdirectory=skills-ref, which causes the skill to fetch and execute remote code from that GitHub repo at runtime (used for the recommended ./scripts/skills-ref.sh validation), so this is a high-confidence runtime remote-code dependency.