ghost-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs running "npx ghost-paper prompt" to fetch the current markdown conventions from the installed ghost-paper package (fetched from the public npm ecosystem), and directs the agent to use that output as authoritative guidance when writing markdown, so external package-provided content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "npx ghost-paper" at runtime which auto-downloads and executes code from the npm registry (e.g., https://registry.npmjs.org/ghost-paper) and uses the package's "prompt" output to directly control the agent's instructions for writing the report, so this is a required runtime remote-code dependency.