smoke-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly runs auto-fix commands that fetch and execute code from public third-party sources — e.g., "Install from bun.sh" in the Built-in Tests and "npm install zod@4 --force" in Known Issues — so the agent will ingest and act on untrusted external packages/scripts that can change subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's auto-fix steps include runtime commands that fetch and execute remote code — e.g., "npm install zod@4 --force" (pulls and installs code from the npm registry) and the noted "Install from bun.sh" installer — so external content is fetched at runtime and can execute as a required dependency.