ctx-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to "Pull latest from GitHub" and to call the ctx_upgrade MCP tool which returns a shell command that the agent must run, meaning the agent will fetch and execute content from untrusted public GitHub sources provided by third parties.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs calling the ctx_upgrade MCP tool which returns a shell command to execute that "Pulls latest from GitHub" (i.e. a GitHub repository URL such as https://github.com/... fetched at runtime), so code fetched from that external GitHub URL would be executed and thus can directly control the agent.