chromatic-setup-ci

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md step 4 and reference/docs-map.md) instructs the agent to fetch provider docs from public URLs on chromatic.com via WebFetch and to use the fetched content as the authoritative source when generating CI configuration, meaning runtime third-party web content can materially influence tool actions and thus could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime fetches of external docs (e.g., https://www.chromatic.com/docs/llms/github-actions.txt and other https://www.chromatic.com/docs/llms/*.txt URLs) and uses that fetched content as the authoritative source to generate CI configuration, so remote content directly controls the agent's instructions at runtime.