skills-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and installs arbitrary public skills from third-party repositories (e.g., via "npx skills find" and "npx skills add owner/repo@skill" which pulls code from owner/repo URLs), exposing the agent to untrusted, user-generated content that can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses runtime installs like "npx skills add owner/repo@skill" (e.g., vercel-labs/agent-skills@commit), which fetches and installs remote repository code that becomes the agent's skill (thus can execute code or directly control prompts), so this is a runtime external dependency that meets the flagged criteria.