clawhub-skill-vetting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires cloning and fetching public repositories and pages (e.g., "git clone https://github.com/author/skill-name" and curl/raw.githubusercontent.com / GitHub API calls shown in references/vetting-guide.md and README.md) and mandates reading that third‑party code/content as part of the vetting workflow, so untrusted web content could be ingested and influence decisions.