react-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and reads the public React repo ("git clone https://github.com/facebook/react.git" in Step 1) and uses the GitHub CLI to fetch PRs and issues (e.g., "gh pr list" and "gh issue list") so it ingests untrusted, user-generated third-party content that the agents must read and that directly drives research decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill clones and/or pulls https://github.com/facebook/react.git at runtime and then requires agents to read and inject files from that repo into their prompts and outputs, so the fetched repository directly controls agent instructions and is a required runtime dependency.