template-constructor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly imports templates from arbitrary Git repositories (install-template: "From Git Repository" with user-supplied repo_url) and the analyze-template/trace-agent commands read and parse template files (prompts, workflows, _install.yml) — meaning it ingests untrusted, public repository content (including user-generated prompt instructions) that the agent will read and interpret.