bkend-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's workflow explicitly instructs the agent to "search_docs" and to use Live Reference URLs on the public web (e.g., https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/...) so the agent will fetch and interpret public third-party documentation which can materially influence generated code and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.85). The skill explicitly instructs using WebFetch at runtime to retrieve documentation from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/authentication/01-overview.md), which would supply external markdown that directly shapes generated prompts/instructions—so these raw GitHub URLs are runtime dependencies that can control agent behavior.