install-from-remote-library

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and inspect remote shared library repositories (e.g., npx ai-agent-skills install <owner>/<repo> --list and --dry-run), which ingests untrusted public repo content that the agent must read/interpret to decide installs and could therefore enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime workflow runs "npx ai-agent-skills install /", which fetches and installs remote repository content (the / source) that would supply skill prompts/instructions and executable code required for operation, so this is a runtime dependency that can directly control the agent.