workflow-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires fetching and following a public getting-started guide from useworkflow.dev (see "2) Fetch and follow the getting-started guide" and the listed https://useworkflow.dev/docs/getting-started/... URLs), so the agent reads external third-party webpages and uses their instructions to drive installation/configuration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent at runtime to fetch and "follow the getting-started guide step-by-step" from URLs such as https://useworkflow.dev/docs/getting-started/next, meaning remote content from useworkflow.dev directly controls the agent's instructions and is required for the workflow-init action.