toprank-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill runs git fetch origin/reset on the marketplace repo (Step 4) and then reads and summarizes the repository's CHANGELOG.md (Step 8), which clearly pulls untrusted/third‑party repo content and interprets it as part of the workflow (allowing that remote text to influence the agent's output and subsequent actions).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs git fetch/reset against the marketplace repo (~/.claude/plugins/marketplaces/nowork-studio), causing it to pull and install whatever is at the repo's configured "origin" remote URL (the git remote URL configured in that .git), which directly replaces plugin code that will be executed by the agent.