tilt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and loading community extensions and remote repos (e.g., v1alpha1.extension_repo(... url='https://github.com/tilt-dev/tilt-extensions') and load('ext://...') in references/patterns.md), which pulls and executes untrusted third-party content (extensions/remote Helm/git repos) that can change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains a Tilt extension declaration v1alpha1.extension_repo pointing to https://github.com/tilt-dev/tilt-extensions and uses load('ext://...'), which at Tilt runtime fetches and loads remote extension code that will be executed and can control Tiltfile behavior.