woostack-bootstrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow includes “Perform live industry research” via web search and registry lookups (e.g., npm view), which can ingest outsider-authored free text from public web pages or registry metadata into the agent’s LLM context during stack/version selection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires running remote CLI scaffapers (e.g., npx create-next-app, pnpx shadcn@latest add <component>) which will fetch and execute code from external registries (e.g., https://registry.npmjs.org) during runtime, and it also instructs live registry queries such as https://pypi.org/pypi//json; because the scaffolding commands fetch and run remote code as a required runtime step, this is a runtime external dependency that can execute code.