spring-boot-4-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires the agent to "Look up current documentation" using Context7, "Search the web — Use WebSearch and WebFetch" and "Check GitHub — Use gh CLI" (SKILL.md Verify Library and Framework Usage / Tool instructions), meaning the agent will fetch and interpret open/public third‑party web and GitHub content as part of its runtime decision-making.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The README directs a runtime installation that fetches and installs the skill from the remote repository "github:adityamparikh/spring-boot-4-migration-skill", which will load external code/content that directly controls agent behavior (prompts/instructions), so this remote git URL is a required runtime dependency.