oneskill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests entries from an external skill registry (src/core/registry.ts uses fetchJson against DEFAULT_REGISTRY_URL and allows --registry overrides), those registry/search results (used by runSearch/runInfo) are untrusted/public and are used by the documented workflow in SKILL.md to choose and then install skills (e.g., "npx openskills install "), so third‑party content can directly influence tool use and installation decisions.