hyperstack-build

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md's "Finding the IDL" instructions explicitly instruct fetching IDL JSONs from public third-party sources (e.g., program GitHub repos, block explorers like Solscan/Solana.fm, NPM/Crates, or Anchor CLI fetch), and those untrusted IDL files are ingested via the #[hyperstack(idl = ...)] macro to drive mappings and stack behavior, so external content can materially influence tool actions.