skill-staleness-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads diffs and updated files from upstream package repositories (e.g., "Fetch the file diff from the triggering commit in the source repo" and "fetch the updated file" via GitHub API/gh CLI), which are untrusted third-party sources whose content is parsed and used to decide rewrites and PR actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches upstream repository files/diffs at runtime via the GitHub API/raw file URLs (e.g., api.github.com / raw.githubusercontent.com) and supplies that fetched content to the skill-generate meta-skill to control how SKILL.md is rewritten, which means external content directly controls agent prompts.