skill-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Research Protocol (Step 2 / Step 2A) explicitly requires fetching and parsing public GitHub repos (e.g., VoltAgent/awesome-agent-skills via github-ops or WebFetch) and performing WebFetch queries against arXiv/public web, and mandates incorporating those external SKILL.md contents into the patch backlog — meaning untrusted, user-generated web content is fetched and read as part of the required workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of external GitHub content (e.g., https://github.com/VoltAgent/awesome-agent-skills and raw GitHub URLs via gh api / WebFetch) and then injects/extracts that SKILL.md content into prompts/analysis, so remote content fetched at runtime can directly control agent instructions.