auto-updater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md "How Updates Work" and references/agent-guide.md Step 2) runs and captures the output of "clawdhub update --all" (and the auto-update script logs SKILL_OUTPUT), which fetches third-party skill packages from the public ClawdHub/registry and the agent parses that output to decide/report what changed—exposing it to untrusted, user-published code/content that can materially alter behavior.