skills-dashboard
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's scraper (scripts/scrape_and_build.py) explicitly fetches public, user-published data from https://skills.sh/api/search and ingests those untrusted entries into the agent's aggregation and dashboard-generation workflow. Third-party content can therefore directly change which publishers and skills are highlighted, and can change the agent's outputs.
Audit Metadata