downloading-pi-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Flagged because SKILL.md explicitly instructs downloading third-party extensions from GitHub ("Preferred Source: GitHub (use gh download)") which requires the agent to fetch and load untrusted, user-generated repository code into the Pi extensions directory and thus can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching of third‑party GitHub repositories via "gh download / ..." (GitHub repo URLs) to install Pi agent extensions whose code will be loaded and can control agent prompts or execute code, so these external repos are a runtime dependency that can directly control behavior.