bootstrap-agentic-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly installs and runs external public skills via commands like "npx skills@latest add mattpocock/skills", "browser-use/browser-harness", "remotion-dev/remotion" and then reads SKILL.md files from ~/.claude/skills/*/SKILL.md and runs their setup steps, meaning it ingests and acts on untrusted third‑party repository content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs npx at runtime to fetch and execute external skill repositories (for example via "npx skills@latest add mohganji/skills" and similar commands for mattpocock/skills, browser-use/browser-harness, remotion-dev/remotion, millionco/react-doctor), so remote code and prompt-controlling skill content are fetched and executed as required dependencies.