review-and-commit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Update Check" step fetches https://raw.githubusercontent.com/abpai/skills/main/versions.json (a public GitHub raw URL) and uses the remote version data to decide whether to pause, prompt the user, and potentially run an update command (npx skills update), so untrusted third-party content can influence the agent's actions.