money-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Steps 2 and 5 and "Show Changelog") explicitly instructs using public npm commands (npm view, npx install) and to read GitHub release notes/CHANGELOG, which fetch untrusted, user-published content from the public npm registry and GitHub that directly influences whether the agent performs upgrades or other actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill invokes npx to fetch and run the package @orrisai/show-me-the-money at runtime (e.g. "npx @orrisai/show-me-the-money@latest install", which pulls code from the npm registry such as https://registry.npmjs.org/@orrisai/show-me-the-money), so it downloads and executes remote code that the upgrade relies on.