ctx-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly runs the plugin CLI "upgrade" which pulls the latest code from GitHub (an open/public, user-contributed source) and then requires the agent to read and re-display the CLI/tool output (version numbers and warnings), so the agent will ingest and act on untrusted third-party content from GitHub as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs the agent to run a CLI upgrade that pulls from GitHub, builds and installs software, updates global npm packages and changes permissions—actions that modify system state and potentially require elevated privileges, so it encourages altering the host environment.