skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "自动克隆仓库" from a public GitHub URL (e.g., "帮我从 https://github.com/shetengteng/skillix-hub 安装 skill") and to run install/update/uninstall (including dependency installation and build), which means the agent will fetch and execute untrusted, user-controlled third‑party repository content that can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and clone code at runtime from https://github.com/shetengteng/skillix-hub and then automatically run install/update/uninstall commands, which means remote repository content would be fetched and executed as part of the skill runtime (allowing arbitrary remote code execution).