review-gemini

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running "bunx @willbooster/agent-skills@latest review --agent gemini", which fetches and executes a public npm package and requires the agent to read and act on that package's review output, exposing it to untrusted third‑party content that could embed instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires running the runtime command "bunx @willbooster/agent-skills@latest review --agent gemini", which fetches and executes the remote npm package @willbooster/agent-skills@latest at runtime, thereby running external code that can control prompts or behavior.