Electrobun Release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Updater explicitly fetches and reads {baseUrl}/{channel}-{os}-{arch}-update.json and downloads tarballs/patches from public static hosts (e.g., Cloudflare R2, AWS S3, GitHub Releases) as configured by release.baseUrl, so untrusted third-party content at those URLs can directly influence update decisions and trigger code replacement.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Updater reads a runtime-configured baseUrl (e.g., https://updates.example.com/) and fetches update.json, tarballs and patch files from that host which are then applied/replaced on the running app, meaning remote content can deliver and execute code at runtime.