skill-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's script explicitly clones and pulls a public GitHub repository (REPO_URL https://github.com/PSPDFKit/clawdbot-skills.git and REPO_DIR usage) and reads SKILL.md files from that repo (grep in cmd_list and cmd_push) to list, install, and compose PRs, so untrusted third-party content from the open web is ingested and used to drive decisions and actions.