boilersync-template

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md core workflow explicitly instructs cloning template source repos from public URLs (e.g., boilersync templates init https://github.com/your-org/your-templates.git), meaning the agent will fetch and process arbitrary third-party repository content (templates) that can influence scaffolding/push/pull behavior and thus could enable indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 02:34 AM