add-ext-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts a URL from the user (Step 1) and then uses curl to fetch and Read the remote SKILL.md (Step 2), meaning it ingests arbitrary open-web content and parses its frontmatter, exposing the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs curl at runtime to fetch an external SKILL.md (e.g. https://example.com/path/to/SKILL.md via "curl {URL} > /tmp/external-skill.md"), then copies that file into skills/ to define a new skill—meaning remote content fetched at runtime can directly control prompts/instructions the agent will later execute.