find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs using "npx skills find [query]" and links to/browses https://skills.sh/ and installable GitHub packages (owner/repo@skill), which involves fetching and interpreting publicly contributed skill listings and package metadata from untrusted third‑party sources that could influence installation and subsequent agent actions.