skill-porter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones or copies external repositories (git clone in src/optional-features/fork-setup.js and use of repo URLs/gh in the CLI), and its converters/detectors directly read and parse untrusted files like GEMINI.md, SKILL.md and manifest JSONs (src/converters/*, src/analyzers/detector.js), so it ingests arbitrary public/user-generated content that the tool then interprets and incorporates (e.g., into prompts/commands/manifests), enabling indirect prompt injection.