upgrade-chief

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and inspects a public GitHub repository (uses git ls-remote and git clone https://github.com/thaitype/chief-agent-framework.git), ingesting those third‑party files to build an upgrade plan that can directly influence what actions and file changes the agent performs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs a runtime git clone of https://github.com/thaitype/chief-agent-framework.git and then reads/copies template agent and skill files from that repo into the project (which directly control agent prompts/instructions), and the clone is required for the upgrade flow.