synthesis-skills-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones/updates and reads SKILL.md from a public source repo (e.g., "synthesis-skills" as shown in the "First-time setup" flow and the install/update commands) and uses that untrusted third-party content (frontmatter and instructions) to drive installs, dependency checks, and synthesis-merge decisions, so external content can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones/updates and reads SKILL.md from external repos (e.g., github.com/rajivpant/synthesis-skills) at runtime, and those fetched SKILL.md files directly contain the methodology/instructions that will control the agent's behavior, making the external repo a required runtime source of prompts/instructions.