nav-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and parses public, user-generated content from GitHub (see version_detector.py calling https://api.github.com/repos/alekspetrov/navigator/releases/latest and SKILL.md/git clone steps that pull templates and release notes from GitHub), and that external release/template content is explicitly read and used to decide updates and actions (e.g., recommending/staging installs and auto-updating CLAUDE.md), which could allow indirect prompt injection via malicious or crafted release notes or templates.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime git clone and installs code from the external repository (git clone https://github.com/alekspetrov/navigator.git … and it also queries https://api.github.com/repos/alekspetrov/navigator/releases/latest), so remote content is fetched at runtime and can result in executing that external code as a required part of the update workflow.