pipes-deployment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (see "MCP Integration" and "ClickHouse Cloud Deployment" in SKILL.md) instructs the agent to run queries against external ClickHouse Cloud/Railway endpoints (e.g., mcp__clickhouse__run_select_query, curl to https://*.clickhouse.cloud:8443 and Railway MCP tools) and to read those results to validate and decide deployment actions, which clearly ingests arbitrary third‑party/user data that could influence tool use and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's deployment agents invoke a remote CLI via npx (npx @iankressin/pipes-cli-test@latest deploy --provider railway), which fetches and executes code from the npm registry at runtime and is relied on as a required deployment dependency.