vara-skills-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs git fetch/reset (e.g., "git fetch origin" and "git reset --hard origin/main") and plugin update/re-clone steps (including https://github.com/gear-foundation/vara-skills), pulling code from external public repositories that the agent would ingest and which could alter its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime git operations (git fetch origin; git reset --hard origin/main) that fetch and install code from the remote repository (e.g. https://github.com/gear-foundation/vara-skills), allowing remote content to change agent behavior and execute code.