pi-upgrade
Warn
Audited by Snyk on May 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's helper (scripts/check-pi-version) explicitly uses the GitHub CLI (gh release list / gh release view) to fetch release bodies from the public earendil-works/pi repository, and SKILL.md/README require the agent to read those fetched release notes and installed docs to drive upgrade/migration decisions, thus exposing it to untrusted third‑party content that can influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). This skill invokes the GitHub CLI at runtime (e.g., gh release list / gh release view against https://github.com/earendil-works/pi) to fetch release bodies that are injected into the emitted JSON and used to generate upgrade guidance, so the fetched external content can directly influence agent outputs.
Issues (2)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).