installing-webapp-features

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly resolves feature names to npm packages and copies their files into the project ("resolves the feature name to an npm package, installs it and its dependencies, copies source files into your project") and then instructs the agent to "Read each example file (use Read tool)" from those installed files, meaning untrusted third‑party package content could be read and acted on to change code and behavior.