Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's auto-updater (functions/auto_updater.py) explicitly queries the public GitHub releases API (see get_latest_version_from_github) and SKILL.md Step 1.5 runs that updater at session start, so external release JSON from an untrusted third-party repository is fetched and used to decide and trigger updates/reinstalls that materially change agent behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).