skill-security-checker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary public GitHub repositories and npm package names and uses the GitHub API and repository downloads for its mandatory "下载前检查" static analysis (see SKILL.md "支持的输入类型" and "第一阶段：下载前检查") and the CLI (bin/cli.js) which normalizes and fetches GitHub targets, so untrusted third-party content from public repos/registries is ingested and can directly influence scoring and follow-up actions.