openword-navigator
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to git clone a public GitHub repo and "treat repository README.md as the source of truth" (SKILL.md Runtime Preparation). The agent will therefore fetch and read untrusted public repository content, which can materially alter installation/operation decisions and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent, at runtime, to git clone https://github.com/dinghuanghao/openword.git and then run npm install / npm run dev. This fetches remote code that will be executed and is required for the skill to operate, so this external URL constitutes a high-risk runtime dependency.