btca-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow requires adding and using external resources (e.g., "btca add -n svelte-dev https://github.com/sveltejs/svelte.dev") so the agent will fetch and read untrusted public web content (public GitHub/repos) as part of answering questions, which could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs the CLI to fetch external repositories at runtime (e.g. https://github.com/sveltejs/svelte.dev) which are then used as resources injected into model context to generate answers, so remote content can directly influence prompts/behavior.