hk
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required hk.pkl "amends" and "import" lines (see "Pkl Syntax Reference" / "Required first lines") point to package://github.com/jdx/hk/releases/... URLs, so hk fetches Config.pkl and Builtins.pkl from public GitHub releases at runtime. Those modules are third-party content: whatever they contain is read by the tool and shapes the hook configuration and its runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's hk.pkl examples require runtime amends/import package URLs (e.g., package://github.com/jdx/hk/releases/download/v1.36.0/hk@1.36.0#/Config.pkl and ...#/Builtins.pkl). hk fetches these at runtime to supply the configuration schema and built-in step definitions that directly control hook behavior, including which commands are executed, so this is a runtime dependency that controls execution. The URL pins a release version (@1.36.0), which constrains which asset is fetched but does not by itself verify that asset's contents.
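As an added example (not part of the Snyk report or of hk itself), the following Python script lists the runtime `amends`/`import` targets in an hk.pkl and flags the conditions behind W011/W012: a host outside an allowlist, no version pin, and no content checksum. The sample hk.pkl is constructed here and its hook body is illustrative; the `::sha256:<hex>` suffix is assumed to be Pkl's package-URI checksum form, and the allowlist is a reviewer's own policy, not something hk enforces.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches an `amends` or `import` (or glob `import*`) line whose target is
# fetched over the network rather than read from the local repo.
DEP_LINE = re.compile(
    r'^\s*(?P<kind>amends|import\*?)\s+"(?P<uri>(?:package|https?)://[^"]+)"'
)

# Splits a Pkl package URI into host, package path, version, optional checksum
# and module fragment. The `::sha256:<hex>` checksum form is an assumption
# about Pkl's package-URI syntax (see lead-in).
PACKAGE_URI = re.compile(
    r'^package://(?P<host>[^/]+)/(?P<path>[^@#]+)@(?P<version>[^:#]+)'
    r'(?:::sha256:(?P<sha256>[0-9a-fA-F]{64}))?'
    r'(?:#(?P<fragment>.*))?$'
)

# Constructed sample hk.pkl: the two release URLs come from the audit findings
# above; the https import and the hook body are made up for illustration.
SAMPLE_HK_PKL = """\
amends "package://github.com/jdx/hk/releases/download/v1.36.0/hk@1.36.0#/Config.pkl"
import "package://github.com/jdx/hk/releases/download/v1.36.0/hk@1.36.0#/Builtins.pkl"
import "https://example.invalid/shared/hooks.pkl"

hooks {
  ["pre-commit"] {
    steps {
      ["prettier"] = Builtins.prettier
    }
  }
}
"""


@dataclass(frozen=True)
class RemoteDep:
    line_no: int
    kind: str
    uri: str
    host: str
    version: Optional[str]
    sha256: Optional[str]


def find_remote_deps(pkl_source: str) -> list[RemoteDep]:
    """Return every amends/import that makes hk fetch content at runtime."""
    deps: list[RemoteDep] = []
    for line_no, line in enumerate(pkl_source.splitlines(), start=1):
        m = DEP_LINE.match(line)
        if not m:
            continue
        uri = m.group("uri")
        parts = PACKAGE_URI.match(uri)
        if parts:
            deps.append(RemoteDep(line_no, m.group("kind"), uri,
                                  parts.group("host"), parts.group("version"),
                                  parts.group("sha256")))
        else:
            # A plain https:// import, or a package URI that did not parse:
            # neither a version pin nor a checksum can be recovered from it.
            host = re.sub(r"^[a-z]+://", "", uri).split("/", 1)[0]
            deps.append(RemoteDep(line_no, m.group("kind"), uri, host, None, None))
    return deps


def review(deps: list[RemoteDep], allowed_hosts: set[str]) -> list[str]:
    """Findings a reviewer would raise before letting this hk.pkl run hooks."""
    findings = []
    for d in deps:
        where = f"line {d.line_no} ({d.kind} {d.uri})"
        if d.host not in allowed_hosts:
            findings.append(f"{where}: host {d.host!r} is not on the allowlist")
        if d.version is None:
            findings.append(f"{where}: no version pin; fetched content can change silently")
        if d.sha256 is None:
            findings.append(f"{where}: no checksum; the release asset is trusted on host alone")
    return findings


if __name__ == "__main__":
    for finding in review(find_remote_deps(SAMPLE_HK_PKL), {"github.com"}):
        print(finding)
```

Run against the sample, the two GitHub release URLs each produce one finding (pinned version, no checksum) and the https import produces three, which is exactly the shape of W011/W012: every remote target is a runtime input to hook execution, and only a pin plus a checksum turns it into a reviewable one.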
Audit Metadata