vx-provider-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required runtime templates and workflow explicitly fetch and parse public GitHub release data (see "Step 8: Version Fetching Strategies" and the runtime.fetch_versions example using ctx.fetch_github_releases and manual GitHub API calls), which ingests untrusted third‑party content that the agent must interpret to choose versions, download URLs, and installation actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill shows runtime fetches of GitHub release/download URLs (e.g., https://github.com/{owner}/{repo}/releases/download and the GitHub API endpoint https://api.github.com/repos/{owner}/{repo}/releases) which are used at runtime to download binaries/assets that the provider may install and execute, so these external URLs can deliver and cause execution of remote code.