company-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "From a Repo" workflow explicitly instructs the agent to clone/read arbitrary git repo URLs and to reference external SKILL.md files on GitHub (see "Step 1: Gather Context" and the "From a Repo" / references/from-repo-guide.md sections), so it ingests untrusted, user-provided third‑party content that directly influences agent analysis and package generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's "from-repo" mode explicitly instructs cloning/reading arbitrary git repositories (e.g., https://github.com/owner/repo or via git ls-remote https://github.com/owner/repo HEAD) at runtime and using discovered SKILL.md / agent config files to generate agent instructions, so remote repo content fetched during runtime can directly control prompts.