create-new-project

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill scaffolds a public API that ingests arbitrary third-party JSON—specifically the POST /api/v1/public/orders endpoint (src/app/api/v1/public/orders/route.ts) which accepts untrusted customer/items/notes payloads—so it clearly consumes user-generated content from external callers.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill mainly scaffolds a project and runs local dev tools, but it explicitly suggests using PowerShell's "-ExecutionPolicy Bypass" (a security-policy bypass) to run a script, so it does encourage bypassing a security mechanism even though it doesn't request sudo, system-file edits, or user creation.

Audit Metadata

Risk Level: MEDIUM

Analyzed: Feb 16, 2026, 03:03 AM