precommit-setup
Warn
Audited by Snyk on May 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's provided .pre-commit-config.yaml examples (modules/standard-hooks.md and modules/ci-integration.md) explicitly reference and will fetch/run public GitHub hook repos (e.g., https://github.com/pre-commit/pre-commit-hooks, https://github.com/astral-sh/ruff-pre-commit, etc.), so untrusted third‑party code/content is ingested and executed as part of the pre-commit workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The .pre-commit-config.yaml references external hook repositories (e.g., https://github.com/pre-commit/pre-commit-hooks, https://github.com/astral-sh/ruff-pre-commit, https://github.com/pre-commit/mirrors-mypy, https://github.com/PyCQA/bandit) which are fetched by pre-commit at install/run time and their code is executed as hooks, so remote content can run code during skill runtime.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata