skills-admin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow in workflows/update-skill.md explicitly fetches upstream metadata via curl from the public raw.githubusercontent.com URL for promptingcompany/agent-skills (Step 2) and uses that untrusted public repo content to decide whether to run updates (npx skills add / git clone), so third-party content can materially change agent actions.