update-nanoclaw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and inspects an upstream repository from a user-provided or default GitHub URL (git fetch upstream) and explicitly reads/parses CHANGELOG.md for “[BREAKING]” entries in Step 6 of SKILL.md and may invoke the referenced / skills, so arbitrary upstream/public repo content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill will add/fetch the upstream repo at runtime (default https://github.com/qwibitai/nanoclaw.git) and then merges and runs "pnpm run build" / "pnpm test", which executes code from the fetched repository, so the external content is fetched at runtime, executed, and required for the flow.