Vague Triggers
Medium
- Confidence
- 83% confidence
- Finding
- The invocation description is broad enough to match common user requests like installing or adding a skill from a GitHub URL, which can cause this skill to activate frequently in situations involving untrusted repositories. In this context, activation leads directly to network-based retrieval and local installation of persistent content, increasing the chance of importing malicious skills or unsafe instructions.
