slidev-multi-agent

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's sync-references.mjs (invoked by the documented "npm run sync:references" step) automatically fetches and updates reference files from public third-party sites (e.g., https://sli.dev, https://developers.openai.com, https://code.claude.com, https://docs.openclaw.ai). SKILL.md explicitly requires the agent to load those reference files as part of its workflow, so externally fetched content can influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The repository contains scripts/sync-references.mjs which, when run (npm run sync:references), fetches remote markdown into references/ from external URLs such as https://sli.dev/guide/syntax.md (and other sli.dev / developers.openai.com / code.claude.com / docs.openclaw.ai URLs). The fetched files are then used as agent-visible reference material that can directly control prompts/instructions, so these URLs are runtime-fetched content that can control the agent.

Audit Metadata

Risk Level: MEDIUM

Analyzed: Mar 5, 2026, 07:56 AM