li-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs running "npx skills update" or "npx skills add jiangjiax/li-skills", which fetches and installs code from public npm/GitHub sources (https://github.com/jiangjiax/li-skills) that could change loaded skill behavior and thus enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running npx commands (npx skills update / npx skills add jiangjiax/li-skills) which fetch and execute remote package code from the repository https://github.com/jiangjiax/li-skills at runtime, so it relies on external code execution.