hugo-sveltia-cms

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill config explicitly uses a GitHub backend (static/admin/config.yml with repo: "owner/repo") and the workflows include importing/exporting content from WordPress/Jekyll/TinaCMS and processing repository Markdown/media (scripts/convert-toml-to-yaml.py and the bootstrap/convert steps), so the tool ingests and reads untrusted, user-generated content from public GitHub repos and CMS exports as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill embeds and executes remote JavaScript at runtime (e.g., the admin page loads the Sveltia CMS script from https://unpkg.com/@sveltia/cms/dist/sveltia-cms.js), which is a required runtime dependency for the CMS admin UI and therefore executes remote code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 08:57 PM