minitest-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly has the AI agent "analyse the app screen" and consumes user-provided app knowledge (via "minitest app-knowledge get/update") and run result recording URLs (SKILL.md), which are untrusted/user-generated content the agent must read and which can materially influence decisions during runs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's prerequisite runs a remote install script via curl -fsSL https://raw.githubusercontent.com/minitap-ai/minitest-cli/main/install.sh | bash which fetches and executes remote code during setup and is required to install the CLI, so it can directly execute remote code and is risky.