migrate-skills-between-libraries

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly instructs using "npx ai-agent-skills catalog /" (SKILL.md, step 4) to re-catalog from an upstream owner/repo, which causes the tool to fetch and ingest arbitrary public repositories (untrusted third‑party content) that can alter imported skill behavior.