swain-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones and reads from the public GitHub repository https://github.com/cristoslc/swain.git (see Step 2 reference clone and Step 4 git clone/fallback) and then inspects/copies/installs those files and invokes swain-doctor, so remote, third‑party content can be read and materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly runs "npx skills add cristoslc/swain" and falls back to "git clone --depth 1 https://github.com/cristoslc/swain.git" at runtime to fetch and install remote skill code, which will execute and can directly control agent behavior.