skill-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly searches and fetches public GitHub content (repo/code searches, awesome-list READMEs, and SKILL.md files via the gh API as shown in "Phase 3: Content Fetching", "Phase 6: Awesome-List Processing", and the Installation Workflow), then reads and interprets those untrusted, user-generated files to compute semantic_match/fitness and drive ranking/installation decisions — meaning third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches SKILL.md at runtime (e.g., via "gh api repos/OWNER/REPO/contents/PATH/TO/SKILL.md" and "https://github.com/OWNER/REPO/blob/main/PATH/SKILL.md") and also clones repositories ("gh repo clone" / git clone) and may run setup scripts (setup.sh), so remote GitHub content is fetched during runtime and can directly control prompts and execute code.