swain-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and installs public repository content (git clone https://github.com/cristoslc/swain.git in Step 2 and the npx skills add cristoslc/swain operation in Step 4), causing the agent to read and act on untrusted, open-web code and SKILL.md files that can materially influence installation and runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs "npx skills add cristoslc/swain" (which pulls and executes a remote package) and falls back to "git clone --depth 1 https://github.com/cristoslc/swain.git" at runtime, so fetching from https://github.com/cristoslc/swain.git (and the cristoslc/swain package) is required and can execute remote code.