project-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). La referencia references/<stack_id>.md se lee y luego se ejecuta git fetch upstream y git merge upstream/main, donde upstream apunta a templateUrl (URL git proporcionada por el usuario); el contenido del repo plantilla (texto de archivos) se incorpora al contexto del agente vía lectura/edición posterior en el workspace, lo que puede incluir texto libre no confiable del outsider (la plantilla).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires a runtime-provided git URL (templateUrl, e.g. https://github.com/org/my-base.git) which the agent adds as a remote and runs git fetch and git merge (and may run npm install), thereby fetching and integrating remote code that can execute via install/postinstall scripts—so the URL is used at runtime to pull code the skill depends on.