builder-smoke-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and installs skills from public registries (see references/registry.md and the SKILL.md steps using endpoints like GET /editor/builder/registries/:id/preview?owner=…&repo=…&path=… and POST /editor/builder/registries/:id/install), which ingests arbitrary third‑party (e.g., GitHub/skills.sh) user-generated content that the agent reads, persists, and can drive follow-up actions—providing a clear path for indirect prompt injection.