expo-gluestack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill explicitly tells the agent to "consult" external public GitHub repositories in section 8 ("External Agent Skills & Resources" linking to https://github.com/callstackincubator/agent-skills and https://github.com/expo/skills), meaning the agent is expected to read untrusted, user‑authored third‑party content that could materially influence its decisions and actions, creating opportunity for indirect prompt injection.