wind-mcp-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's async update-check (scripts/update-check.mjs) calls public GitHub/Gitee tree APIs and cli.mjs's maybePrintUpdateNotice prints upgrade commands from that fetched repo data to stderr — and SKILL.md explicitly instructs the agent to relay those update notices to users — meaning untrusted, public repository content can be ingested at runtime and influence agent behavior.