template-initialization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and deliverables explicitly run scripts/discover-skills.mjs and match/recommend skills from the public site https://skills.sh/, meaning the agent ingests and acts on external, open-web skill data (into .copilot/.claude/.codex/.gemini/ and in install decisions), which could carry untrusted/user-generated instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The init workflow explicitly runs skills discovery against https://skills.sh/ during initialization and exposes recommended skills into agent-specific directories (.copilot/.claude/.codex/.gemini/), indicating that external content from that URL is fetched at runtime and can directly control agent prompts/instructions.