ln-742-precommit-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required workflow instructs installing and configuring external hook packages (e.g., npm install / npx husky, pip install pre-commit) and explicitly references public GitHub hook repos in .pre-commit-config.yaml (e.g., https://github.com/astral-sh/ruff-pre-commit, https://github.com/compilerla/conventional-pre-commit), which will fetch and execute untrusted third‑party code as part of normal hook execution and can therefore influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The .pre-commit-config.yaml includes external hook repos (e.g. https://github.com/astral-sh/ruff-pre-commit, https://github.com/compilerla/conventional-pre-commit, https://github.com/pre-commit/pre-commit-hooks) which pre-commit will fetch and install at runtime and those fetched repositories provide and run hook code (i.e., execute remote code) required for the skill to function.