sharaf/migrate-to-tessl
Use when migrating, restructuring, publishing, or auditing an existing Claude skill into a Tessl tile; converting flat .md files or SKILL.md bundles; fixing Tessl Quality, Impact, Uplift, frontmatter, metadata, tile.json summary, README, markdown reference links, registry-vs-local Quality gaps, artifact anchors, auto-eval wait discipline, or pushing tile scores from 88-99% to 100%.
100
100%
Does it follow best practices?
Impact
100%
1.17xAverage score across 3 eval scenarios
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). The workflow explicitly fetches and ingests content from the Tessl registry and eval scenarios (e.g., via `tessl search --json`, `tessl tile info`, downloading eval scenarios in <tile-path>/evals/, and the direct API call to /v1/tiles/.../skill-reviews), which are third-party/user-provided artifacts the agent is instructed to read and act on, creating a clear vector for indirect prompt injection.
- Audited
- Security analysis