tamagui-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The "Fetching Current Documentation" section explicitly instructs the agent to curl or use the web-fetch skill to retrieve markdown/HTML from public URLs like https://tamagui.dev/docs/... (and other tamagui.dev pages), which causes the agent to fetch and read open third‑party web content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching via curl of https://tamagui.dev/llms.txt (among other docs); the filename and context indicate this external markdown/plain-text file is intended to be retrieved at runtime and could contain LLM prompts/instructions that directly influence agent behavior.