workos-authkit-tanstack-start

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly performs a blocking WebFetch of the public README at https://github.com/workos/authkit-tanstack-start/blob/main/README.md and states "README is source of truth" and "README overrides this skill," so untrusted third-party content from that public GitHub page would be read and could directly change imports/configuration and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill performs a blocking WebFetch of https://github.com/workos/authkit-tanstack-start/blob/main/README.md at runtime and instructs the agent to extract the package name and let the README "override this skill," so fetched remote content directly controls the agent's instructions and is a required dependency.