remote-skill-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill installs and runs third-party skills via "npx skills add panlm/skills" and "opencode run" on a remote host and then SCPs and reads the generated report Markdown files (remote ${TEST_DIR}/*.md) into LOCAL_RUN_DIR for structural analysis (Steps 3–5 and 7), so untrusted/user-generated report content is ingested and directly influences the agent's comparison and verdict logic.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs npx skills add panlm/skills -y on the remote host during runtime to fetch and install the panlm/skills repository (a remote code package) which will be executed by opencode run, so this external repo (panlm/skills) is a runtime-fetched dependency that directly supplies code and agent behavior.