workos-authkit-react

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The Decision Tree explicitly fetches and blocks on the public GitHub README (github.com/workos/authkit-react/blob/main/README.md) as the "source of truth," meaning the agent ingests third-party, user-controlled content that can influence its implementation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs a blocking runtime fetch of the README at github.com/workos/authkit-react/blob/main/README.md and treats that fetched content as the "source of truth" that controls how the skill proceeds, so this is a runtime external dependency that directly controls agent instructions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 06:07 PM