wiki-init

Warn

Audited by Snyk on May 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's main script (scripts/wiki-init.ts, referenced in SKILL.md step 8) clones and builds the public repository https://github.com/tobi/qmd.git, then reads and runs files from that checkout (for example dist/cli/qmd.js and bin/qmd) to drive QMD status, patching and reindex actions. The code that runs is therefore whatever that repository serves at run time, and its output feeds back into the agent's decisions, so anyone able to change the repository's contents can influence both tool execution and what the agent does next.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • External URL fetched and executed at run time without verification (high risk: 0.90). When run with --write and no explicit --qmd-command, the skill calls ensureManagedQmdCheckout, which runs git clone against https://github.com/tobi/qmd.git followed by bun install and bun run build, and then uses the result as the required managed QMD checkout. The dependency is flagged as unverifiable because no commit pin, hash or signature check is applied to it: what gets built and executed is whatever the repository serves for the cloned branch at that moment, plus the packages its manifest resolves during bun install.
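The remediation a reviewer would ask for on W012 is to fetch a specific, reviewed commit rather than a branch, verify that the checkout actually resolved to that commit, and only then build. The TypeScript below is an added example written for this page; it is not code from the wiki-init skill or from the qmd project. The names ensurePinnedQmdCheckout, QMD_PIN, Runner and the helper functions are this example's own, QMD_PIN is a placeholder to be replaced with the id of a commit someone has actually audited, and the code assumes git and bun are on PATH, that the remote allows fetching a commit by id (GitHub does), and that the checkout ships a bun lockfile. The command runner is injectable so the verification logic can be exercised without network access.

```typescript
// Added example (not the wiki-init skill's code): pin the managed qmd checkout to a
// reviewed commit and refuse to build if what git resolved is not that commit.
import { execFileSync } from "node:child_process";
import { existsSync } from "node:fs";

const QMD_REPO = "https://github.com/tobi/qmd.git";
// Placeholder pin (assumption): replace with the full id of the commit you reviewed.
const QMD_PIN = "0000000000000000000000000000000000000000";

// Command runner, injectable so the logic can be tested without git or network.
type Runner = (cmd: string, args: string[], cwd?: string) => string;

const defaultRunner: Runner = (cmd, args, cwd) =>
  execFileSync(cmd, args, { cwd, encoding: "utf8", stdio: ["ignore", "pipe", "inherit"] }).trim();

// Accept only a full object id (40 hex for SHA-1 repositories, 64 for SHA-256 ones).
// Branch names and tags are mutable upstream and therefore are not a pin.
function isFullCommitId(ref: string): boolean {
  return /^[0-9a-f]{40}$/i.test(ref) || /^[0-9a-f]{64}$/i.test(ref);
}

// Compare what the checkout resolved to against the pin (git prints lowercase hex plus newline).
function headMatchesPin(head: string, pin: string): boolean {
  return isFullCommitId(pin) && head.trim().toLowerCase() === pin.toLowerCase();
}

// Fetches exactly `pin`, verifies HEAD, then builds. Returns the verified commit id.
function ensurePinnedQmdCheckout(dir: string, pin: string = QMD_PIN, run: Runner = defaultRunner): string {
  if (!isFullCommitId(pin)) {
    throw new Error(`refusing to fetch ${QMD_REPO}: pin must be a full commit id, got ${JSON.stringify(pin)}`);
  }
  if (!existsSync(dir)) {
    run("git", ["init", "-q", dir]);
    run("git", ["remote", "add", "origin", QMD_REPO], dir);
  }
  // Fetch the pinned object itself, not a branch: a force-push or a moved default
  // branch upstream cannot change what lands here.
  run("git", ["fetch", "-q", "--depth", "1", "origin", pin], dir);
  run("git", ["checkout", "-q", "--detach", "FETCH_HEAD"], dir);
  const head = run("git", ["rev-parse", "HEAD"], dir);
  if (!headMatchesPin(head, pin)) {
    throw new Error(`qmd checkout HEAD ${head.trim()} does not match pinned ${pin}; not building`);
  }
  // Build only after verification. --frozen-lockfile makes the checkout's own dependency
  // versions part of the pin (assumes the repository ships a bun lockfile).
  run("bun", ["install", "--frozen-lockfile"], dir);
  run("bun", ["run", "build"], dir);
  return head.trim();
}
```

Pinning turns "unverifiable" into "reviewable": the code that executes is the commit someone audited, and a later push to the repository cannot silently change it. It does not close W011. The built qmd still runs with the agent's privileges and its status, patch and reindex output still flows into the agent's decisions, so that output should be handled as untrusted input rather than as instructions.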

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 5, 2026, 06:58 PM
  • Issues: 2