crunch-compete

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches quickstarter repositories via the public GitHub API (api.github.com) and requires the agent to read and interpret quickstarter code and READMEs (see "Explain" workflow and the phrase mapping "show quickstarters for | Fetch from GitHub API"), which lets untrusted, user-generated content influence decisions and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs pip installs at runtime for required packages hosted on PyPI (e.g., https://pypi.org/project/crunch-cli/), which fetches and installs remote code that will be executed/used by the agent (required dependency), so it constitutes a runtime external dependency that executes remote code.