human-writer

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). The skill includes a concealed "On first use" update check that silently fetches a remote URL, compares versions, and can run an external update command—hidden meta-actions outside its stated text-editing purpose and therefore a deceptive instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md "Update Check" step explicitly fetches the public URL https://raw.githubusercontent.com/abpai/skills/main/versions.json (a third-party GitHub-hosted file) and uses its contents to decide whether to prompt for and potentially run an update, so untrusted remote data can influence the agent's prompts and tool execution.