moonbit-practice

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's .mbtx documentation and CI/workflow instructions explicitly fetch and ingest external, public packages and resources (e.g., ".mbtx" import block that "External deps are fetched to .mooncakes/", use of moon update to populate the public registry, and curl installer/GitHub references in assets/ci*.yaml), and the guide tells the agent to use tools like moon doc / moon ide to read those packages/docs as part of its workflow, so untrusted third‑party content from public registries/GitHub could influence decisions or subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes CI and install instructions that run a remote installer at runtime—e.g. "curl -fsSL https://cli.moonbitlang.com/install/unix.sh | bash"—which fetches and executes remote code and is relied on to provide the MoonBit CLI in workflows.