workos-authkit-react-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1 explicitly requires fetching and treating the public GitHub README at https://github.com/workos/authkit-react-router/blob/main/README.md as the "source of truth" and to follow it before taking action, meaning untrusted third‑party content from a public repo can directly influence the agent's decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs a blocking WebFetch of the README at https://github.com/workos/authkit-react-router/blob/main/README.md at runtime and explicitly instructs to follow that README as the "source of truth", so the fetched content directly controls agent instructions.