versioning-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "When Comparing Two Skill Versions" workflow explicitly ingests user-provided archives (e.g., unzipping /mnt/user-data/uploads/skill-v1.zip and /mnt/user-data/uploads/skill-v2.zip) and runs diffs on their contents, meaning the agent would read and process arbitrary untrusted user-generated files that could contain injected instructions.