update-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 2: "Fetch Latest Version" and references/process.md Step 3) explicitly instructs cloning/downloading from public GitHub URLs (https://github.com/ar4mirez/samuel.git and raw.githubusercontent.com/curl in CI) and tells the AI to load, compare, merge, and apply CLAUDE.md and skill files from that external repo—third‑party, user‑authored content the agent is expected to read and act on, which could materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs runtime fetches such as "git clone --depth 1 https://github.com/ar4mirez/samuel.git" and a CI curl to "https://raw.githubusercontent.com/ar4mirez/samuel/main/template/CLAUDE.md", and those fetched CLAUDE.md/template files are then loaded/merged and directly control agent guardrails/prompts and update behavior, making this a required remote dependency.