add-new-skills-to-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly downloads skills from arbitrary public GitHub repositories using the skill-downloader script and instructs reading the downloaded SKILL.md, so the agent would ingest untrusted, user-generated content from GitHub.