skill-scout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill actively queries public GitHub (see lib/scout.js searchGitHub and lib/evaluator.js fetchFile/fetchSkillMd which pull SKILL.md, README.md, package.json, etc.) and the agent reads and scores that untrusted, user-generated content to decide (and potentially auto-install via runPipeline/install) which directly influences tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to GitHub (e.g. https://api.github.com/repos/{owner}/{repo}/contents/SKILL.md) and clones/install repos from URLs like https://github.com/{owner}/{repo}.git (via git clone and npm install), which fetches external code at runtime and can execute it (postinstall/scripts), so these external URLs are runtime dependencies that can result in remote code execution.