built-in-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The package includes scripts/fetch-idls.js (and an npm "update-idls" command documented in README) that fetch IDL content from public URLs on raw.githubusercontent.com and inject it into templates/SKILL.md, and AGENTS.md explicitly tells the agent to use SKILL.md as the source-of-truth, meaning untrusted public GitHub content can be read and materially influence the agent's decisions and tool usage.