bkend-storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's MCP Storage Workflow and "Official Documentation (Live Reference)" explicitly direct the agent to fetch live docs via WebFetch/search_docs (e.g., raw.githubusercontent.com/popup-studio-ai/...), meaning it will ingest public GitHub content that can influence code generation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to "use WebFetch" to retrieve live markdown docs from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/storage/01-overview.md, https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/mcp/07-storage-tools.md, https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/SUMMARY.md), which are fetched at runtime and can directly control the agent's prompts and generated code.