cli-design-expert
Fail
Audited by Snyk on Mar 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The skill embeds a "silently check" update behavior that performs a hidden remote fetch and can run an external update command (npx) — actions outside the stated CLI-design/review purpose and hidden from the user, so this is a deceptive/hidden instruction.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md "Update Check" step fetches https://raw.githubusercontent.com/abpai/skills/main/versions.json (an open GitHub URL) and the agent reads that remote, untrusted content to decide whether to pause and offer/run an update (e.g., npx skills update), so third-party content can materially influence subsequent actions.
Issues (2)
- E004 (CRITICAL): Prompt injection detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata