gsd-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly performs "Latest version checking via npm" and "Changelog fetching and extraction" (update workflow at @{{PLATFORM_ROOT}}/get-shit-done/workflows/update.md), meaning the agent ingests public third‑party content (npm/GitHub changelogs) that it reads and uses to decide/execute updates, which could allow malicious changelog content to influence actions.