init-app-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs installing and enabling companion skills from public sources (e.g., SKILL.md Step 2 and scripts/install-skills.py call out "npx skills add" and adding GitHub/skills.sh marketplaces such as bmsuisse/skills, anthropics/skills, wshobson/agents), which fetches untrusted, user-maintained repositories that the agent is expected to load and use to influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime installer (scripts/install-skills.py) that runs "npx skills add" to fetch/install companion skills from https://skills.sh / GitHub repos (e.g., "anthropics/skills", "wshobson/agents") and the .claude/settings.json references a remote marketplace repo ("bmsuisse/skills"); these fetched skills are installed at runtime and become agent plugins that can supply prompts or executable code, so this is a runtime external dependency that can directly control agent behavior.