skill-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill queries arbitrary GitHub repositories (scripts/scan_and_check.py uses git ls-remote on each skill's github_url) and the update workflow explicitly fetches and compares remote READMEs from those public repos, so the agent will ingest and interpret untrusted, user-generated content from third‑party GitHub pages.