metabase-modular-embedding-version-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public documentation and changelogs from GitHub/raw.githubusercontent.com via scripts/fetch-docs.sh and probe-versions.sh (and also downloads npm packages with npm pack), and those fetched .md and d.ts files are required inputs the agent must read and act upon to build the change catalog and drive code edits, which exposes the agent to untrusted third‑party content that could contain malicious/instructive payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts download docs and changelogs from GitHub raw content (e.g. https://raw.githubusercontent.com/metabase/docs.metabase.github.io/master/_docs/v0.{VERSION}/embedding/sdk/{file}.md) and the fetched content is read at runtime and directly used to build migration instructions and diffs, making those external URLs a required runtime dependency that controls the agent's behavior.