sveltia-cms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill config and templates explicitly instruct the CMS to connect to arbitrary third‑party Git backends (see admin/config.yml backend: name/repo entries for GitHub/GitLab/Gitea) and to load repository content (Markdown/YAML/JSON) plus external services/CDNs (DeepL, unpkg, OAuth worker), so the agent will ingest and display untrusted, user-provided content from public third‑party sources.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The admin pages load and execute remote JavaScript at runtime from the unpkg CDN (e.g. https://unpkg.com/@sveltia/cms/dist/sveltia-cms.js and the pinned https://unpkg.com/@sveltia/cms@0.113.3/dist/sveltia-cms.js), which is required for the CMS UI to function and therefore constitutes a runtime external dependency that executes remote code.