expo-dev
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's CI/CD workflow (references/cicd.md) explicitly requires fetching live public resources, e.g. "It is NECESSARY to fetch this schema" from https://api.expo.dev/v2/workflows/schema and related raw.githubusercontent.com docs, and the agent is instructed to read and derive validation/decision logic from those fetched schemas, so external public content can materially influence tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The EAS Workflows skill explicitly runs a fetch script at runtime to retrieve the workflow JSON schema and docs (e.g. https://api.expo.dev/v2/workflows/schema and the raw.githubusercontent.com syntax/pre-packaged-jobs MDX URLs), and states that the schema "is NECESSARY to fetch" to drive validation/generation of workflows, so these runtime-fetched resources directly control the agent's outputs.
Audit Metadata