skill-vetter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and reading skills from public sources like ClawdHub/GitHub (see the "触发场景" and the "GitHub 技能快速检查" PowerShell examples) and requires "逐个读取技能中的所有文件", so untrusted, user-generated repository content would be ingested and used to drive install/safety decisions, enabling indirect prompt injection.