developing-with-streamlit
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The packaged CCv2 guidance (skills/building-streamlit-custom-components-v2/references/packaged-components.md) explicitly requires generating a component from the public GitHub template via a cookiecutter command (gh:streamlit/component-template), which forces the agent to fetch and consume third‑party repository content that can influence code generation and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and using remote project templates (e.g., via cookiecutter gh:streamlit/component-template or https://github.com/streamlit/component-template) and demonstrates running a remote script with Streamlit (e.g., https://raw.githubusercontent.com/streamlit/demo-uber-nyc-pickups/master/streamlit_app.py), both of which fetch and execute remote code at runtime and are treated as required for packaged-component workflows—posing a high-risk runtime external dependency.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).