hashimoto-cli-ux
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill fetches and uses a remote skill index (e.g., load_manifest()/check_manifest_age() and reqwest::blocking::get(MANIFEST_URL) in cmd_doctor, and the documented "Update" command). Untrusted third-party manifest content is therefore read and can influence which skills are listed or installed, as well as subsequent tool actions.
Audit Metadata