update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's API examples show it ingesting and acting on untrusted, user-provided conversation data and tool definitions (e.g., the POST route that accepts messages and clientTools and calls frontendTools(clientTools) and streamText with messages: await convertToModelMessages(messages)), so third-party/user-generated content can influence model behavior and tool execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The guide explicitly instructs running npx commands that fetch and execute remote packages at runtime (e.g., "npx @ai-sdk/codemod upgrade" — and similar commands like "npx assistant-ui@latest upgrade" and "npx shadcn@latest add "https://r.assistant-ui.com/thread\""), which will download and run remote code and are presented as required steps for the migration.