python-initializr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches public third‑party content (e.g., curl https://raw.githubusercontent.com/.../Python.gitignore in Step 5) and requires installing and running pre-commit hooks that pull code from external GitHub repos (see assets/pre-commit-config.yaml), so untrusted remote content is ingested/executed as part of the workflow and could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The .pre-commit-config.yaml explicitly references remote hook repositories (https://github.com/pre-commit/pre-commit-hooks, https://github.com/psf/black, https://github.com/pycqa/flake8, https://github.com/astral-sh/ruff-pre-commit) which are fetched/installed at runtime by pre-commit and will execute code as hooks, meeting the criteria for a runtime-executed external dependency.