heroui-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and scripts (e.g., scripts/get_component_docs.mjs, get_docs.mjs, get_source.mjs, get_styles.mjs, list_components.mjs and SKILL.md) explicitly fetch and ingest public third‑party content from https://heroui.com, the mcp-api.heroui.com API, and raw GitHub URLs (raw.githubusercontent.com), and the agent is instructed to read those MDX/docs/source files which can materially influence implementation and tool use, so it exposes the agent to untrusted external content that could carry indirect prompt-injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes an explicit runtime command "curl -fsSL https://heroui.com/install | bash -s heroui-react" which fetches and immediately executes remote code from https://heroui.com/install, satisfying the conditions for a high-risk external dependency.