upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and compares against an upstream repo (e.g., "git fetch origin" / "vault-template" / "upstream repo") and ingests system files including .claude/agents, hooks, and settings which the agent reads and applies/merges (and can enable new hooks or agent behavior), exposing it to untrusted third‑party repo content that could change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill performs a runtime "git fetch origin" from the repository URL configured as the remote origin (the git remote URL used by "git fetch origin"), and the fetched files (e.g., .claude/skills/.md and .claude/hooks/.sh) can directly change agent prompts and introduce executable hook scripts.