tanstack-start

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references/documentation-map.md explicitly instructs the agent to use WebFetch to fetch live documentation from public third‑party URLs (tanstack.com docs and raw GitHub URLs), which the agent will read and interpret and could therefore inject instructions that influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs using WebFetch at runtime to fetch live documentation (e.g. https://raw.githubusercontent.com/TanStack/router/main/docs/start/framework/react/server-functions.md), which would inject remote content into the agent context and directly control its instructions — a high-confidence runtime external dependency.