updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow in SKILL.md (e.g., "updater check --json -v" and "updater install " via Homebrew casks) causes the agent to fetch and parse release notes, package metadata, and other public update sources from the open web (Homebrew/vendor update feeds), which are untrusted third‑party content and can materially influence update decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs the agent to install, update, rollback, delete apps, manage a menu-bar agent, and schedule system checks—actions that modify system state and can be destructive even if dry-run/confirmation is advised.