sgds-templates

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md contains a "Raw Content Links" table and a "How to Extract HTML from Raw GitHub Links" walkthrough that explicitly instructs fetching raw files from https://raw.githubusercontent.com/... (via curl) and extracting/using their HTML, so the agent is required to ingest public third‑party content that can influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs fetching raw GitHub files at runtime (e.g. https://raw.githubusercontent.com/GovTechSG/sgds-web-component/master/stories/templates/AboutUs/basic.stories.js) via curl to extract HTML/JS templates which are then injected into generated pages, meaning remote content fetched at runtime can directly control the agent's output.