skill-evolution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads evolution.json from an "upstream" skills-repo (LayeredEvolutionManager.get_upstream_path / layered_merge.py) and merges global/project community-sourced entries, and smart_stitch.py then writes the merged "custom_prompts" into SKILL.md under "Custom Instruction Injection", so untrusted/community-provided JSON can be ingested and turned into instructions that may influence agent behavior.