skill-porter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly performs Git/GitHub operations (e.g., "create-pr" and "fork" features, and "uses GitHub CLI (gh) for repository operations") and can clone/fork remote repositories and read their manifests/README/SKILL.md files, so it can ingest arbitrary public repository content (untrusted third‑party user-generated content) as part of its conversion workflow.