safe-skill-install

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The wrapper script (scripts/scan-skill.sh) explicitly downloads and scans arbitrary public third‑party sources (GitHub archives, skills.sh/npx packages, marketplace URLs or other HTTPS repos), and the agent reads and explains the wrapper's JSON report (which includes scanner_stderr, warnings and paths pointing to the raw scanner output derived from those untrusted files), creating a clear path for indirect prompt injection via scanner-derived content.