makefile

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md includes an explicit Makefile recipe under "Binary Distribution" that uses curl to query the public GitHub API (https://api.github.com/repos/$(GITHUB_REPO)/releases/latest) and then downloads a release asset from GitHub Releases, which is an open/public third-party source whose contents (release metadata and binaries) are untrusted and directly influence what the tooling will fetch and install.