manage-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This SKILL.md explicitly instructs using public registries (e.g., "gitagent skills search" against the SkillsMP registry and GitHub and "gitagent skills install ... --provider github") to fetch and install third‑party skills (untrusted user-generated repos) which the agent will read/execute and can materially change tool use or behavior, enabling indirect prompt injection.