cli-productivity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes commands that fetch and process live public content—e.g., curl to raw.githubusercontent.com piping install scripts for zoxide/starship, curl to api.github.com processed with jq, and calls to wttr.in and ifconfig.me—so it clearly ingests untrusted, user-generated third-party content that the agent is expected to read or execute.