django-allauth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs cloning and running tests from the public GitHub repository (see SKILL.md Step 7: "git clone https://github.com/pennersr/django-allauth.git" and scripts/validate_allauth_tests.sh), which fetches and executes/consumes open/public third‑party content that can materially influence validation decisions and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs cloning and running the django-allauth repository (git clone https://github.com/pennersr/django-allauth.git) as part of its validation, which fetches remote code that is then executed locally (tests/scripts), so this is a runtime external dependency that can execute remote code.