skill-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content — e.g., SKILL.md Phase 3 ("Fetch release notes from releases_url" / "Use WebFetch") and scripts like scripts/sources-check.nu and sources-report.nu which query GitHub Releases, hex.pm, crates.io and arbitrary releases_url/URLs — and requires the agent to read/interpret that content to decide version changes and follow-up update actions, so untrusted upstream text could influence tool behavior.