d6e-app-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly states the marketplace/instance fetches public GitHub registry/index.yaml and template.yaml (manifestUrl) and injects the template_prompt into the AI system context, and workflows support Fetch input steps and Effects with arbitrary external URLs—all untrusted third‑party content the agent reads and that can change its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly states that d6e instances fetch app manifests (e.g., from the marketplace repo https://github.com/d6e-ai/d6e-app-marketplace and the derived manifestUrl/raw template.yaml) at install time and then inject the fetched template_prompt into the AI agent's system context, meaning remote content (the template.yaml) is fetched at runtime and directly controls agent prompts.