homebrew-formula-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's update script (scripts/update_formula.py) and SKILL.md explicitly fetch untrusted, public GitHub release data via https://api.github.com/repos/{repo}/releases/latest and download release assets from https://github.com/{repo}/releases/download/{tag}/..., then read the release tag, asset names, and computed SHA256s and use those values to modify formula files, so third-party content directly influences subsequent tool actions.