react-next-scaffold

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly runs public package/template commands (e.g., "{pmx} create-next-app@latest ." and multiple "{pm} install ..." steps) and then scans the generated project files (package.json, config files) as part of its mandatory workflow, so it fetches and ingests untrusted content from the public npm/template ecosystem that can materially influence subsequent actions.