app-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs agents to fetch and integrate external APIs (SKILL.md: "Use web search for external APIs" and the App Generation workflow requiring config/requests.json templates), and the references (references/api-integration-examples.md) include request templates and server code that invoke public third‑party APIs like GitHub, Slack, Google Sheets and parse their JSON responses—i.e., untrusted/user-generated external content is fetched and interpreted at runtime and can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill mandates loading the Crayons CDN at runtime which fetches and executes remote JavaScript — e.g. https://cdn.jsdelivr.net/npm/@freshworks/crayons@v4/dist/crayons/crayons.esm.js and https://cdn.jsdelivr.net/npm/@freshworks/crayons@v4/dist/crayons/crayons.js — making it a required external runtime dependency that executes remote code.