sync-pocock-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Runtime path: scripts/sync.sh does git clone from https://github.com/mattpocock/skills.git, then reads upstream SKILL.md/other files via find/grep/diff and prints extracted free text (e.g., NEW: descriptions and UNPATCHED: grep matches) to stdout, which the agent can parse into its LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The sync script (sync.sh) performs a git clone of https://github.com/mattpocock/skills.git at runtime, and the fetched upstream SKILL.md skill files are then inspected/used by the toolchain to drive agent prompts/decisions, so the remote repo is a runtime dependency that can directly control agent instructions.