developing-preact

Warn

Audited by Snyk on Apr 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required setup (scripts/vendor.sh and the SKILL.md "Setup" / import-map instructions) explicitly downloads ESM files from the public npm registry (https://registry.npmjs.org), and those vendored modules are loaded during local/Playwright testing, so untrusted third-party package code is fetched and can influence runtime behavior and the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The scripts/vendor.sh script fetches npm package tarballs at runtime (e.g. via URLs like https://registry.npmjs.org// and the tarball_url it extracts) using curl and extracts JS modules that are then used by the importmap, meaning the skill downloads and relies on remote code that is executed or imported at runtime.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 05:58 AM
Issues: 2