kimaki-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflows (SKILL.md and references/kimaki-quick-reference.md) explicitly map Discord channels to projects and instruct using slash/CLI commands like /session, /resume and npx kimaki send --channel, meaning the agent ingests and acts on arbitrary user-generated Discord/channel content (and public session URLs), which can materially influence execution and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running the runtime command "npx -y kimaki@latest", which downloads and executes remote npm package code during execution and is relied on as a required dependency, so it can directly execute remote code.