kit-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documentation explicitly supports installing/loading extensions and skills from public git repos (e.g., "kit install github.com/user/repo") and provides runtime APIs to discover/load/inject skills (ctx.LoadSkill, ctx.LoadSkillsFromDir, ctx.InjectRawSkillAsContext) so arbitrary third‑party, user-generated content can be read and injected into the agent's context and thus influence behavior.