slop-refinery-setup
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly requires inspecting and merging the target repo's AGENTS.md or CLAUDE.md (user-supplied agent instruction files) and installing/running the third-party slop-refinery quick-checks via npx, so the agent will ingest untrusted external/user-generated content that can influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The setup explicitly runs "npx skills add HOWMZofficial/slop-refinery --skill slop-refinery-quick-checks -y", which fetches and installs/executes code from the HOWMZofficial/slop-refinery repository at runtime, and the skill relies on that external package (and its slop-refinery/eslint-plugin imports) to operate.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata