scratch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md's "Update Check" step explicitly fetches and parses https://raw.githubusercontent.com/abpai/skills/main/versions.json (a public GitHub raw URL) on first use and uses that content to decide whether to prompt for and perform an update, so untrusted third‑party data can influence the agent's subsequent actions.