build-frontend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (SKILL.md) and implementation (build-frontend.cs) explicitly run "npm ci" and "npm run build" in src/client/ui/, which fetches packages from the public npm registry and emits stdout/stderr that the agent parses and uses to decide whether to halt or proceed, exposing it to untrusted third-party content that could influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The build script runs npm ci at runtime which will fetch and install packages from the npm registry (e.g., https://registry.npmjs.org), thereby downloading and potentially executing remote code as a required dependency for the build.