dead-code-eliminator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Update Check" step fetches https://raw.githubusercontent.com/abpai/skills/main/versions.json (a public GitHub URL), which is untrusted third-party content and is read to decide whether to prompt the user to update and potentially run update commands, so it can materially influence agent actions.