theme-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required "Adding a New Theme" workflow explicitly instructs the agent to "Research the color scheme" by visiting official color scheme documentation/repositories (e.g., GitHub links like https://github.com/catppuccin/catppuccin and other external theme sites) — public, user-generated sources the agent would read and use to determine theme values, so untrusted third‑party content can influence its actions.