nav-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and parses public GitHub content (e.g., curl to https://api.github.com/repos/alekspetrov/navigator/releases, git clone of the navigator repo, and fetching templates from GitHub) and uses that data to update CLAUDE.md and drive version/feature decisions, so untrusted third‑party content is read and interpreted at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs runtime commands that clone and install code from a GitHub repo (git clone https://github.com/alekspetrov/navigator.git followed by /plugin install), which fetches and executes remote code as a required step during the upgrade—this presents a high-risk external dependency.