build-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs remote research by scraping and downloading community skills from Playbooks (see references/remote-sources.md and the references/skill-research.sh script that curl-scrapes playbooks.com) and mandates reading the downloaded corpus as evidence (references/research-workflow.md), meaning untrusted third-party content is ingested and can materially influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The included runtime script (references/skill-research.sh) performs live fetches from Playbooks (e.g. https://playbooks.com/skills?search=...) and relies on downloading remote skills (via skill-dl, whose suggested installer is fetched from https://raw.githubusercontent.com/yigitkonur/cli-skill-downloader/main/install.sh | bash) whose SKILL.md files are then consumed as evidence that directly shape prompts/synthesis, so remote URLs are used at runtime and can control agent instructions or lead to executing remote code.