release-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md post-publish verification steps explicitly instruct the agent to query public package registries and run commands like npm view <pkg> version and npx <pkg>@latest --version (and AGENTS.md recommends using the gh CLI for GitHub checks), which requires ingesting and interpreting public, user-published content from npm/GitHub as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill mandates running the compose-agentsmd tool at session start (and CI/pre-commit) which uses the agent-ruleset source "github:metyatech/agent-rules@HEAD" to fetch and regenerate AGENTS.md, meaning remote GitHub content at github:metyatech/agent-rules@HEAD is retrieved at runtime and directly controls agent instructions.