create-next-project

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs agents to install and consume user-supplied theme registries and preset codes from external sites (e.g., "Install tweakcn theme if URL provided", and the "bunx shadcn@latest add " / ui.shadcn.com preset usage in SKILL.md and references/stack-defaults.md). The agent will therefore fetch and act on arbitrary third-party web content, which can change build steps and agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill instructs running the Convex CLI (e.g., bunx convex dev / bunx convex deploy), which interacts at runtime with the project's Convex endpoints (https://.convex.cloud and https://.convex.site), pushing and executing remote functions and schema. This is a required runtime dependency when Convex is selected, so these external URLs are used to execute remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes crypto/blockchain tooling as optional integrations: it lists @bsv/sdk (BSV blockchain), Sigma/Bitcoin auth (BSV-enabled apps), and 1Sat wallet packages (@1sat-lexi/js, @1sat/connect, @1sat/react). These are specific libraries for wallet/auth integration and blockchain interaction (signing and transaction flows), which match the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution. Even though the skill's primary goal is scaffolding a Next.js app, the prompt expressly provisions these crypto wallet/SDK integrations, which provide direct financial execution capabilities.

Audit Metadata

Risk Level: MEDIUM

Analyzed: Mar 10, 2026, 03:57 AM