paperclip-org-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's Stage 5 "Skills Discovery" (references/05-skills-discovery.md) explicitly instructs the agent to search and ingest results from the public skills.sh ecosystem (e.g., via npx skills find [query] and links to https://skills.sh/), which are third‑party/user‑provided skill pages whose content the agent is expected to read and use to decide installs and agent capabilities—exposing it to untrusted external content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.85). The skill explicitly directs runtime discovery and installation of external skills via the skills.sh ecosystem (e.g., "npx skills find ..." and "npx skills add owner/repo@skill" with links like https://skills.sh///), which will fetch and install remote skill code (SKILL.md) that can directly control agent prompts/behavior or execute code and which the package says must be present for skills to work.