skill-hub-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests third-party repositories and install commands (e.g., adding upstream repos as git submodules under external/, proxy entries in skills/proxy_registry.tsv that use npx with GitHub URLs, and running skills/update.sh to refresh submodules), so it will read and act on untrusted public repo content that can influence actions.