oms-uitripled

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references explicitly document that the CLI fetches component JSON from the public URL https://ui.tripled.work/r/{name}.json (see packages/uitripled/src/utils/registry.ts and references/catalog.md / SKILL.md), so the skill consumes external, untrusted component payloads during install which can influence tooling/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly documents that both CLI install paths fetch component JSON at runtime from https://ui.tripled.work/r/{name}.json (the standalone uitripled CLI "fetches JSON from https://ui.tripled.work/r/{component}.json" and the shadcn path is said to fetch the same), and that this fetched content is written into the user's project (copy-paste install), satisfying the conditions that the URL is used at runtime, provides external content that controls installed code, and is a required dependency.