developing-preact

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md "Run bash scripts/vendor.sh" and the included scripts/vendor.sh) explicitly downloads ESM files from the public npm registry (registry.npmjs.org), and those vendored packages are imported/executed in the test/app runtime, so untrusted third-party code is fetched and can influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The scripts/vendor.sh runtime uses curl to fetch package tarballs from https://registry.npmjs.org/${pkg}/${ver} (and the tarball URLs it returns), which downloads remote JavaScript modules that are later executed by the app and are required vendor dependencies.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 04:31 PM
Issues: 2