plantuml-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 0 "Update check" explicitly runs git ls-remote against the upstream origin to fetch public tags and compares them to local metadata, then may run git pull (git -C pull --ff-only) based on that remote content, meaning untrusted upstream data can directly influence actions taken by the agent.