skill-authoring-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and installing skills from the public GitHub central repo (why8023/agent-skills) using npx skills add and to read/maintain files like SKILL.md and agents/openai.yaml, which are untrusted third-party repository contents that can embed prompts or instructions affecting agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime commands (e.g., npx skills add why8023/agent-skills or the repo https://github.com/why8023/agent-skills.git) fetch and install remote repository content (including agents/openai.yaml with default_prompt and other skill files) which directly control the agent's prompts and involve executing installation code, so the external GitHub URL is a required runtime dependency that controls prompts/executes code.