skill-vetter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read arbitrary public GitHub repositories (see "Quick Vet Commands" with curl to api.github.com and raw.githubusercontent.com and "Read ALL files in the skill" in Step 2), meaning untrusted user-generated repo content would be ingested and could materially influence the agent's decisions.