sveltia-cms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill describes runtime behavior that fetches and ingests content from open third‑party sources — e.g., connecting to arbitrary Git backends (backend: github/gitlab/gitea in admin/config.yml), cloning/using the sveltia-cms-auth GitHub repo, loading the @sveltia/cms script from unpkg.com, and calling DeepL/GitHub APIs — so the agent/CMS would read and render untrusted, user-generated repository and web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The admin pages load and execute the remote JavaScript bundle from the CDN at https://unpkg.com/@sveltia/cms/dist/sveltia-cms.js at runtime, which runs remote code in the site admin and is required for the skill to function.