update-cog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly adds and fetches from a public upstream GitHub remote (git remote add cog-upstream https://github.com/huytieu/COG-second-brain.git and git fetch cog-upstream main) and reads/upgrades framework SKILL.md and related files from that remote, meaning untrusted third‑party repository content would be ingested and can change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill adds and fetches from the upstream remote https://github.com/huytieu/COG-second-brain.git at runtime and then reads or checks out framework files (e.g., .claude/skills//SKILL.md, .kiro/powers//POWER.md, cog-update.sh) which can supply prompts/instructions and scripts that would control agent behavior or execute code.