lateral-thinking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Update Check" workflow explicitly fetches the public URL https://raw.githubusercontent.com/abpai/skills/main/versions.json and uses the remote version to decide whether to prompt the user and potentially run an update command (npx skills update), so it ingests untrusted public GitHub content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). This skill performs a runtime fetch of https://raw.githubusercontent.com/abpai/skills/main/versions.json to decide whether to pause and prompt the user to run an update (and, if accepted, to run "npx skills update lateral-thinking"), so remote content directly controls agent prompts and can trigger code execution.