workspace-setup
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's installer and documentation (scripts/init_workspace.sh --install and the AGENTS.md/README templates) explicitly run npx skills add -a codex -y against public GitHub URLs (e.g., https://github.com/anthropics/skills... and https://github.com/lingkaix/SmartWorkers...), so the agent will fetch and install third‑party, user-authored skills that can materially change its behavior and tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The init script and installer steps call npx skills add -a codex -y <url> at runtime to fetch and install agent "skills" from external GitHub sources (e.g. https://github.com/anthropics/skills/tree/main/skills/skill-creator and https://github.com/lingkaix/SmartWorkers/tree/main/skills/general/agent-skills/skills/smart-skill-maker), which will supply code and agent prompt/instruction logic that the workspace relies on for bootstrapping — so these URLs are runtime-fetched, supply agent-controlling content, and are relied on as installation dependencies.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata