cometchat-react-astro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and use public content from GitHub/raw.githubusercontent.com (e.g., the cometchat-uikit-react v6 sample-app at https://github.com/cometchat/cometchat-uikit-react/tree/v6/sample-app and raw.githubusercontent.com/.../sample-app/...), and to consult the public CometChat docs MCP URL, with that external content directly guiding code, component choices, and actions—exposing the agent to untrusted third‑party content that can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and use code/content from raw.githubusercontent.com/cometchat/cometchat-uikit-react/v6/sample-app/... (and also relies on running npx @cometchat/skills-cli@latest which executes remote npm code), so remote content both controls the agent's generated instructions/code and is a required runtime dependency.