setup-finance-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires cloning the public GitHub repo via "gh repo clone jackiexiao/01mvp-finance" and refers to reading project files like README.md/CLAUDE.md, so the agent will fetch and consume user-generated content from an untrusted public source that could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "gh repo clone jackiexiao/01mvp-finance" during runtime and then installs and runs the fetched project (pnpm install / pnpm run dev), meaning remote code from the GitHub repo (jackiexiao/01mvp-finance) is fetched and executed and is required for the skill to operate.