nugs

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public content from Nugs.net, as documented in SKILL.md/README: "nugs update" fetches the latest catalog from Nugs.net, and "nugs grab https://play.nugs.net/release/..." downloads releases. That external catalog and metadata are used to drive gap-detection and automatic download actions, so untrusted third-party content can materially influence tool behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:32 PM