moai-framework-electron

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Auto-Update Implementation (SKILL.md "Auto-Update Support" / "Auto-Update Implementation") and concrete code (src/main/services/updater.ts) use electron-updater to fetch release metadata and releaseNotes from public hosts (GitHub/S3) and surface those releaseNotes to the app/UI and update flow (prompting downloads/installs), which clearly ingests untrusted third‑party content that can influence decisions and actions.