update-buttercut

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and installs code directly from a public GitHub repository (via "git pull origin main" and "curl -L https://github.com/barefootford/buttercut/archive/refs/heads/main.zip"), which is untrusted, user-generated third-party content that the agent ingests as part of its update workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs a runtime curl download from https://github.com/barefootford/buttercut/archive/refs/heads/main.zip, unpacks and rsyncs those files into the local installation and then runs bundle install, so remote code is fetched at runtime and could be executed—constituting a required external dependency that controls code deployed by the agent.