sglang-skill

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md and the included update-sglang.sh explicitly fetch and update the public GitHub repository (https://github.com/sgl-project/sglang.git). The skill instructs the agent to run that script and then grep and read the cloned repo, so the agent will ingest and act on open, public third-party code that could materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). At runtime, the update-sglang.sh script in the skill performs a git clone from https://github.com/sgl-project/sglang.git to obtain the SGLang source that the skill expects to run (e.g., python -m sglang.launch_server). This URL therefore fetches remote code that the skill relies on and that can be executed locally.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 07:45 AM
Issues: 2