coder-templates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to browse and read public third‑party sites (e.g., https://registry.coder.com, https://coder.com, and https://registry.terraform.io) and to read main.tf/README files from those registries/modules, which the agent is expected to interpret as part of its workflow and could therefore let untrusted, user‑provided content influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly shows consuming a remote AI agent Terraform module at registry.coder.com/coder/claude-code/coder which is fetched as a required module during template deployment and implements agent behavior (taking ai_prompt/system_prompt), so the remote content would be executed/used at runtime and can directly control prompts.