saizeriya-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md requires and uses untrusted QR-derived URLs (see "QR photos" and Workflow step 2) and instructs passing the returned URL to saizeriya.js start (npx saizeriya.js start ), meaning arbitrary third-party URLs can be ingested and will materially influence CLI actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes npx to fetch and run external packages at runtime (e.g., npx saizeriya.js and npx -y qr-scanner-cli), and the README explicitly references the upstream repo https://github.com/victorperin/qr-scanner-cli—so remote code is fetched and executed and is required for operation.