init-monorepo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The required workflow explicitly runs pnpm dlx to add humanpluslabsoss/skills (Step 4) and multiple pnpm install invocations (Steps 11, 12, 25), which fetch and execute packages and their postinstall scripts from public package registries, so untrusted third‑party code can be pulled in and materially affect tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Step 4 runs "pnpm dlx skills@latest add humanpluslabsoss/skills --agent claude-code" (and the same for --agent pi), which at runtime downloads and executes a remote npm package that installs agent skills capable of controlling prompts/instructions, and the skill workflow requires this step—so it is a high-confidence runtime external dependency that executes remote code.