add-example

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and scripts (SKILL.md Phase 4/7 and scripts/generate_thumbnails.py) explicitly download and process contributor files from public raw GitHub CDN URLs (raw.githubusercontent.com), so arbitrary user-provided web content is fetched and interpreted as part of the automated workflow and could therefore carry instructions that affect subsequent processing.