novu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The inbox-integration skill explicitly fetches and renders notifications from the Novu service (e.g., inbox-integration/SKILL.md and headless-inbox-examples.md show novu.notifications.list and automatic WebSocket updates) and the examples show using notification fields like subject/body and notification.redirect?.url to drive navigation/handlers, which means untrusted/user-generated notification content from a third-party API can be interpreted and influence runtime actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The repository https://github.com/novuhq/skills is pulled via the setup command npx skills add novuhq/skills (documented in SKILL.md), which fetches and executes remote skill code that directly provides the agent's instructions/prompts and is required for the agent to operate, so it meets the flagging criteria.