bkend-auth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's MCP workflow explicitly instructs the agent to use search_docs/WebFetch to fetch public documentation (e.g., the raw.githubusercontent.com links listed under "Official Documentation (Live Reference)") and to generate code based on those search results, so untrusted third-party content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs using WebFetch at runtime to retrieve markdown docs from https://raw.githubusercontent.com/popup-studio-ai/bkend-docs/main/en/authentication/01-overview.md (and other raw.githubusercontent.com URLs), which the agent would consume to drive prompt content and code generation, so this is a runtime external dependency that can directly control agent instructions.