skills-cli-usage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's commands (e.g., "npx skills add <owner/repo-or-url-or-path> --list" and the "Source Forms" section allowing GitHub shorthand or full URLs) explicitly fetch and list content from arbitrary public GitHub repositories or URLs, so the agent would read untrusted third-party repo content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs using runtime commands like "npx skills add " with GitHub sources (e.g. https://github.com/vercel-labs/skills and https://github.com//), and those repositories are expected to contain skills//SKILL.md which are fetched at runtime and directly define agent prompts/instructions, so external content can control the agent.