hk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly amends/imports package://github.com/jdx/hk/releases/download/v1.20.0/...#/Config.pkl and Builtins.pkl (public GitHub release URLs), which are open third‑party files the agent is expected to ingest and that can change hook/linter commands and thus materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's hk configurations repeatedly import/amend remote package URLs (e.g. package://github.com/jdx/hk/releases/download/v1.20.0/hk@1.20.0#/Builtins.pkl and package://github.com/jdx/hk/releases/download/v1.20.0/hk@1.20.0#/Config.pkl), which are fetched at runtime and supply builtins/config that directly determine commands the tool will execute, making them required runtime dependencies that can cause remote-executed behavior.