magicpath
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow and CLI commands (e.g., magicpath-ai search/list-components/view/inspect and get-theme) explicitly fetch public/user-generated components, previewImageUrl assets, and theme "prompt" fields and instruct the agent to read and follow those prompts/source code (see SKILL.md "Phase 1", "Phase 2", and "Applying a Theme"), so untrusted third-party content can directly influence decisions and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill tells the agent to run magicpath-ai get-theme -o json (fetching the theme.prompt from the MagicPath API at runtime) and explicitly instructs the agent to follow that remote natural-language "prompt" to guide styling, so external content fetched during runtime directly controls agent instructions (MagicPath API via magicpath-ai get-theme).
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata