agentcraft-packs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and installs arbitrary public GitHub repos (e.g., "agentcraft add publisher/repo-name resolves to https://github.com/... and clones into ~/.agentcraft/packs/...") and the dashboard's BROWSE PACKS fetches the community registry (https://rohenaz.github.io/agentcraft-registry/index.json), so untrusted, user-published repo content and registry JSON are ingested and used at runtime.