tanstack-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly instructs spawning a Task sub-agent that fetches and reads public TanStack documentation pages (e.g., https://tanstack.com/query/latest/docs/... .md) so the agent ingests and acts on third‑party web content, which could carry instructions that influence subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs a runtime sub-agent to fetch TanStack docs (e.g. https://tanstack.com/query/latest/docs/framework/react/overview.md) and inject that content into the agent's research/context to produce answers, meaning the external URL is fetched at runtime and its content directly controls the agent's prompts/instructions.