auto-skill-fit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly searches and ingests results from the public skills registry "skills.sh" (and via npx skills find <keyword> per Step 2 in SKILL.md), which is an open third‑party source of user-contributed skill metadata that the agent reads and uses to decide which skills to install — enabling indirect prompt/content injection into the agent's decision and installation flow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses npx to fetch and run the "skills" package at runtime (e.g., via "npx skills find" / "npx skills add owner/repo@skill-name", which pulls code from the npm registry such as https://registry.npmjs.org/skills), so external content is fetched and executed at runtime and is required for the skill to operate.