zenmux-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (scripts/update-references.sh and SKILL.md Step 4) clones and reads documentation from a public GitHub repo (skills/zenmux-context/references/zenmux-doc/docs_source/), instructing the agent to ingest and base answers on that external public documentation, which could contain untrusted third-party content that influences behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's update script clones and pulls documentation at runtime from the external Git repository https://github.com/ZenMux/zenmux-doc.git, and that fetched markdown content is then read and used to directly control the agent's answers (prompts/instructions), creating a supply-chain risk if the repo were malicious or tampered with.