add-skill
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's fetch_skill.py explicitly downloads arbitrary skill directories from GitHub (e.g., via git sparse-checkout of https://github.com/... in scripts/fetch_skill.py), and SKILL.md is copied into /.agents/skills/, so untrusted, user-hosted repository content (including SKILL.md) is ingested and can change agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The included script fetches and git-clones a GitHub repository at runtime (it builds/uses URLs like https://github.com/{owner}/{repo}.git and accepts inputs such as https://github.com/OpenHands/extensions/tree/main/skills/codereview), installing remote skill files (including SKILL.md) into the agent workspace. This remote content can directly control agent prompts/behavior or introduce executable code.