local-skills-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Import Skill" option explicitly accepts a URL (e.g., "Download skill from a URL (e.g., GitHub gist)") or pasted content and then validates and saves that markdown, meaning the agent will fetch and read arbitrary public/user-provided content from third-party sites.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's "Import skill" option explicitly supports downloading skill markdown from an arbitrary URL at runtime (e.g., GitHub Gist / raw GitHub URLs like https://gist.github.com or https://raw.githubusercontent.com), and imported skill content would be injected as agent skills that can directly alter prompts/behavior.