awesome-skills-deepdive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content from third-party sites (e.g., ClawHub pages at https://clawskills.sh in the subagent instructions and GitHub/raw.githubusercontent.com via scripts/fetch_skill.py and the GitHub API), and the agent is required to read and interpret those fetched SKILL.md/README and bundled files to decide audit paths and generate README output—so untrusted external content can materially influence tool behavior and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The workflow and scripts (e.g., scripts/fetch_skill.py and resolve_slug.py) explicitly fetch SKILL.md and other files at runtime from raw GitHub URLs such as https://raw.githubusercontent.com/openclaw/skills/main/skills/{author}/{skill-name}/SKILL.md, and those fetched documents are then ingested by subagents as source material (i.e., injected into the model context to generate prompts/summaries), so remote content can directly influence agent instructions and is a required runtime dependency.