skill-advisor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The Installation Workflow explicitly instructs the agent to search public skill repositories (via npx skills find / npx skills add owner/repo -g --list) and to "Preview and Read SKILL.md" at the public URL https://skills.sh/owner/repo/skill-name, meaning the agent consumes untrusted, user-authored third-party pages and uses that content to decide which install commands to generate and run.