minervia-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the updater "compares installed version to latest on GitHub" and "shows what's new (changelog)" so the agent will fetch and interpret public GitHub content (an untrusted third‑party source) as part of its update/conflict-resolution workflow, which could allow injected instructions to influence actions.