install-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and lists skills from public GitHub repositories and arbitrary URLs (e.g., "npx ... skills add owner/repo", full GitHub URLs, or direct repo paths), so the agent will ingest and act on untrusted third‑party code/content that could contain indirect prompt injection.