create-agent-template

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required pipeline.yaml (see the clone sections and examples in SKILL.md and references/agent-examples.md) explicitly clones arbitrary repositories via <+inputs.repo> and then runs coding_agent / analyze_and_generate LLM steps that ingest and act on that repo content (e.g., generating reviews, docs, or PRs), meaning untrusted third-party repository content could indirectly inject instructions that change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The pipelines pull and run external container images at runtime (e.g., myregistry/coding-agent:latest), which are fetched when the skill runs and execute remote code that the agent depends on.