bubbletea

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows runtime HTTP fetches (e.g., the "Commands that take arguments" fetch(url) example and the checkServer example using http.Get("https://charm.sh/")) that return the remote body as a Msg, so the skill demonstrates fetching and interpreting arbitrary public URLs which could convey untrusted, user-generated instructions that affect program behavior.