workos-migrate-stytch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly exports and ingests customer/user data from Stytch in Step 4 (export-stytch.ts using client.organizations.search and client.organizations.members.search, producing stytch-orgs.json and stytch-members.json), which are untrusted, user-generated third‑party contents the agent is expected to read and process.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires a blocking runtime fetch of the documentation at https://workos.com/docs/migrate/stytch and instructs the agent to treat that fetched content as "the source of truth" (i.e., to follow those instructions if they conflict), so the external URL directly controls runtime behavior.