sveltia-cms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads and executes third‑party resources (e.g., the Sveltia bundle from https://unpkg.com) and configures a GitHub backend (backend: name: github, repo: owner/repo) and Cloudflare Worker endpoints (curl https://your-worker.workers.dev/health), which means it fetches and displays arbitrary repository and web-hosted content (untrusted, user‑generated) as part of its runtime workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's admin pages load and execute remote JavaScript at runtime from the unpkg CDN (e.g., https://unpkg.com/@sveltia/cms@0.128.5/dist/sveltia-cms.js and https://unpkg.com/@sveltia/cms@0.113.3/dist/sveltia-cms.js), which is a required runtime dependency that executes remote code in the user's browser.