ttm-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Runtime path: the workflow runs npm show taketomarket version (public npm registry) and may run npm install -g taketomarket@latest / npx taketomarket@latest --yes, which fetches outsider-authored package contents (including readable text like skill files) into <root>/skills/ttm-*/ and then into the LLM context via the “skill-file diff + sync” step.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill runs commands that fetch and execute remote code at runtime — specifically "git -C '' pull ... && node '/install.js'" (pulls from the repo's remote, e.g., git@github.com:... or https://github.com/...) and "npx taketomarket@latest --yes" / "npm install -g taketomarket@latest" (which pulls packages from the npm registry, e.g., https://registry.npmjs.org/) — so it relies on runtime retrieval of external code that is then executed.