cometchat-customization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2d and the Docs MCP contract in SKILL.md) explicitly instructs the agent to fetch and read public third‑party content — e.g., CometChat docs at https://www.cometchat.com/docs/... and the sample app files via raw.githubusercontent.com / api.github.com — and to base code-generation decisions on those files, exposing the agent to untrusted external content that could carry indirect prompt-injection instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching the CometChat docs MCP and sample-app files at runtime (e.g. https://www.cometchat.com/docs/mcp and raw GitHub URLs such as https://raw.githubusercontent.com/cometchat/cometchat-uikit-react/v6/sample-app/... and the GitHub API URL https://api.github.com/repos/cometchat/cometchat-uikit-react/contents/...), and those fetched documents directly drive the agent's prompt/context for generating code, so they are runtime external dependencies that control the agent's instructions.