codestyle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Generate workflow explicitly clones arbitrary GitHub repositories and crawls user-provided web URLs as required preprocessing (see SKILL.md and references/generate-workflow.md Step 2a: "Clone GitHub Repository" and Step 2b: "Crawl Web Content"), so the agent ingests untrusted third‑party content that can directly influence analysis, template selection, and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's init/install scripts download and run remote code at runtime (codestyle-server.jar) and clone a template repo, e.g. https://github.com/itxaiohanglover/mcp-codestyle-server/releases/download/v2.1.0/codestyle-server.jar and https://github.com/itxaiohanglover/codestyle-repository.git, which are executed or relied on as required runtime dependencies.