setup-biome

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly installs and runs third-party npm packages (bun add -D @biomejs/biome ultracite in SKILL.md) and extends/executes the ultracite preset via biome.jsonc and the .claude/hooks/biome-autofix.sh Stop hook, meaning untrusted package code and linter output from the public registry are ingested/executed and can alter autofix/blocking behavior that influences the agent's actions.