auth0-ionic-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to run a GitHub API command ("gh api repos/auth0/auth0-react/releases/latest ...") and to use the returned release tag to populate dependency versions, so the agent will fetch and interpret public GitHub content (an untrusted third-party source) that materially influences its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs the agent at runtime to run a GitHub API call (gh api repos/auth0/auth0-react/releases/latest → https://api.github.com/repos/auth0/auth0-react/releases/latest) to fetch the latest release tag and use that value to control dependency/version lines in the generated setup instructions, which is a runtime fetch that directly controls the agent's output.