skill-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and scrapes public GitHub content (see scripts/record.py: get_raw_github_content, fetch_webpage, get_github_changelog, get_github_commits) as part of the required update/check/install workflow to read SKILL.md/CHANGELOG/commit pages, so untrusted third‑party content can influence update detection and related decisions.