backend-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow step "Clone or refresh the backend reference repo" (git@github.com:customware-ai/template-be-setup.git or https://github.com/customware-ai/template-be-setup.git) and the mandatory replacement/re-reading of that repo's AGENTS.md force the agent to fetch and ingest external GitHub content which can materially change its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires cloning the backend reference repo at git@github.com:customware-ai/template-be-setup.git (HTTPS fallback: https://github.com/customware-ai/template-be-setup.git) at runtime and explicitly instructs replacing the project's AGENTS.md with the cloned repo's AGENTS.md, which would directly change the agent's governing instructions, so the fetched content can control agent prompts/behavior.