find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to search and fetch skill repositories and files from the open web (e.g., using "npx skills find", browsing skills.sh, and the included scripts/scan_skill.sh which git-clones repos or curl-downloads raw SKILL.md files) and to read/interpret those public, user-authored SKILL.md contents as part of its evaluation, so untrusted third-party content can influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The provided scan script downloads arbitrary remote SKILL.md or repo URLs at runtime (e.g. https://raw.githubusercontent.com/owner/repo/main/path/to/SKILL.md or a git repo URL) and then runs uvx snyk-agent-scan@latest which fetches and executes remote code, so the skill has a runtime dependency that executes externally fetched code (uvx snyk-agent-scan@latest and the curl/git clone of raw GitHub URLs).