bootstrap-project

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones the public GitHub repo "https://github.com/eljun/kt-monorepo-template.git" (SKILL.md step 3 / Invariants) and then reads and modifies files from that repo (placeholder substitution, injecting tokens, wiring config) and runs npm install, so it ingests and acts on external, user-managed repository content that could contain untrusted instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs a runtime git clone of the template at https://github.com/eljun/kt-monorepo-template.git (required by the workflow) and then runs installation steps (npm install) that can execute code from the fetched repository or its dependencies, so the external repo is a runtime dependency that can cause remote code execution.