skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to search and install skills from the open ecosystem (e.g., "npx skills find [query]", "npx skills add <owner/repo>" and "Browse skills at: https://skills.sh/"), meaning the agent is expected to fetch and read public third-party skill descriptions/links (GitHub/skills.sh) which are untrusted and can directly influence which tools/actions it selects.