starter-kit-upgrade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and inspects public GitHub repositories (scripts/fetch_kit.sh clones https://github.com/laravel/.git and Phase 2 uses gh api to list commits/PRs) and then reads commit/PR metadata and upstream file contents (scripts/classify_feature.sh, later_edits.sh, apply_new_files.sh) as part of its required workflow to decide which files to apply—so untrusted third‑party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's fetch_kit.sh clones https://github.com/laravel/.git at runtime and the agent reads and injects upstream HEAD file contents (via git show) to build the feature catalog and apply files, so remote repository content directly controls what the agent proposes/applies.