start-new-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and uses the public README from https://github.com/queso/context-kit/blob/main/README.md (an open GitHub page) as the authoritative setup source, which is untrusted third-party content the agent will read and interpret during its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). At runtime the skill performs a WebFetch to https://github.com/queso/context-kit/blob/main/README.md and explicitly instructs using the fetched README “as the source of truth,” so remote content directly controls the agent’s setup instructions and is a required dependency.