find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run "pnpx skills find" and browse https://skills.sh/ and install packages with "pnpx skills add owner/repo@skill", which causes the agent to fetch and interpret open, user-provided GitHub/skills.sh content that can alter its capabilities and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs installing external skills at runtime using commands like "pnpx skills add vercel-labs/agent-skills@vercel-react-best-practices" and links to https://skills.sh/vercel-labs/agent-skills/vercel-react-best-practices, which will fetch remote repository code that can execute and/or control agent prompts.