skill-upstream-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly forks and clones a user-provided public GitHub repository and instructs the agent to read and act on files from that repo (e.g., SKILL.md, references/pr-template.md, references/tone-guide.md, and running the skill-auto-improver/asm eval on the repo), so untrusted third-party content from the upstream repo can be read and materially influence commands, PR content, and push actions.