check-updates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to visit GitHub releases pages ("再访问 GitHub releases 页（web_search 或 web_fetch）获取 GitHub 最新版") and to use web_search to retrieve changelogs/release notes from public web sources, meaning the agent ingests untrusted, user-generated third‑party content that it must read and use to decide updates.