find-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to search and ingest listings from the open skills ecosystem (e.g., skills.sh via "npx skills find" and install packages from GitHub or other external owners with "npx skills add owner/repo@skill"), which are untrusted third‑party sources whose content could influence tool use or installation decisions.