ss-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones/pulls a public GitHub repository (https://github.com/bitjaru/styleseed.git) into /tmp/styleseed and then reads, diffs, and copies/merges files from that repo into the project (skills, .cursorrules, DESIGN-LANGUAGE.md, CLAUDE.md), so untrusted third‑party content directly influences update decisions and file-modifying actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). During runtime the skill explicitly runs "git clone https://github.com/bitjaru/styleseed.git" (and pulls it if present) and then copies engine/.claude/skills and .cursorrules from /tmp/styleseed into the project, meaning remote repository content will directly inject skills/instructions that control the agent.