litestar-build

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required build and release workflows explicitly download and consume public third-party artifacts (e.g., tools/bundler.py DEFAULT_URLS that wget/git-download python-build-standalone archives from GitHub, the build scripts and release workflows that git clone https://github.com/ofek/pyapp and curl install scripts like bun.sh/astral.sh), which are untrusted public content the agent is expected to ingest and execute/patch as part of the build (e.g., patching and compiling PyApp), so those third-party files can materially influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes CI/build steps that fetch-and-execute remote code at runtime (e.g., curl -LsSf "https://astral.sh/uv/${UV_VERSION}/install.sh" | sh, curl -fsSL https://bun.sh/install | bash, git clone https://github.com/ofek/pyapp, downloads from https://github.com/astral-sh/python-build-standalone/... .tar.gz and https://ziglang.org/download/...tar.xz) which are required build-time dependencies and therefore pose a high risk if those endpoints are malicious or compromised.