skf-forger

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and processes arbitrary GitHub URLs as a data source (see Capabilities #5 "QS — Fast skill from a package name or GitHub URL" in SKILL.md), which indicates it will fetch and interpret untrusted, user-generated repository content as part of its workflow and that content can materially influence actions.