frappe-syntax-customapp
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs fetching and installing apps from arbitrary public Git URLs (e.g., "Get existing app from Git" / "bench get-app https://github.com/org/my_custom_app" in SKILL.md and the Installation Workflow), and those fetched repos include patches/fixtures that are executed via bench migrate, so untrusted third-party code/content can be ingested and materially influence runtime behavior.
Issues (1)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).