Pulling Updates from Skills Repository

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill fetches and merges from remote git repositories (the tracking remote / upstream / origin, e.g., obra/superpowers-skills) and reads/displays commit logs and file contents from those upstream sources, which are untrusted public/user-generated content that could carry indirect prompt-injection.