skill-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md Step 2 (Research Protocol) explicitly instructs the agent to fetch and parse public third‑party content (e.g., check VoltAgent/awesome-agent-skills on GitHub and "Pull the raw SKILL.md" via github-ops/WebFetch, plus Exa/web queries and arXiv WebFetch) and to use those findings to drive patch/backlog decisions, so untrusted web content is read and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's Step 2A mandates an at-runtime check of https://github.com/VoltAgent/awesome-agent-skills and explicitly calls out fetching raw SKILL.md via gh api or WebFetch (raw GitHub URLs) to "Extract workflow steps..." which means externally fetched content is ingested at runtime and can directly control prompts/instructions.