check-updates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads remote package.json and CHANGELOG.md from GitHub (via git fetch/git show, get_file_contents(owner, repo, path), or the GitHub REST API as described in "Step 3" and "Step 5"), using owner/repo parsed from the local plugin.json, so arbitrary third‑party repository content would be ingested and could influence update decisions and next actions.