osis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Conversation Initialization explicitly inlines a pre-load of a remote "Remote version" via curl to https://raw.githubusercontent.com/andresCamp/osis-skill/main/version.json (see the "Remote version" preprocessing step), and that fetched public GitHub JSON is parsed to drive the auto-update banner and potentially trigger the upgrade flow (running scripts like update-skill.sh), so untrusted third-party content is ingested and can influence tool use and next actions.