skills-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's runtime workflows (scripts/check_updates.py, scripts/recommend_skills.py, and scripts/update_marketplace.py) explicitly fetch and parse untrusted public content—e.g., marketplace.json from raw.githubusercontent.com and GitHub API commits, HTML scraped from https://skills.sh, and remote git commit messages—and then use those results to decide updates and generate/install commands, so third‑party content can materially influence agent actions.