heroui-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) instructs agents to "Always fetch migration docs before applying," and multiple provided scripts (e.g., scripts/get_migration_guide.mjs, get_component_migration_guides.mjs, get_hooks_migration_guide.mjs, get_styling_migration_guide.mjs) perform fetch() calls against a public DOCS_BASE (https://heroui-git-docs-migration-heroui.vercel.app/docs/react/migration or an override via HEROUI_MIGRATION_DOCS_BASE), meaning the agent will ingest public third‑party documentation that can materially influence its migration decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime scripts fetch MDX migration guides from https://heroui-git-docs-migration-heroui.vercel.app/docs/react/migration/{filename} (with an option to override to https://heroui.com/docs/react/migration) which are fetched at runtime and injected as the agent's guidance, and the install step curl -fsSL https://heroui.com/install | bash -s heroui-migration explicitly downloads and executes remote code—both satisfy the criteria for a high-confidence risky external dependency.