upstream-patches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to initialize and operate on an upstream git submodule (upstream/), using ./scripts/upstream.sh (init, rebase -o , checkout, etc.), which causes the agent to fetch and inspect untrusted third-party upstream repository commits and patch hunks as part of its workflow (SKILL.md), so external commit content could influence decisions and tool actions.