find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs installing and browsing skills from public Git repositories and community sources (e.g., "Install from URL" and "Browse External Sources: GitHub"), meaning the agent will fetch and install untrusted, user-generated code/skill metadata from the open web that can change its behavior.