frontend-starter-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs installing external skills via "bunx skills@latest add" from third-party repos (e.g., redpanda-data/ui-harness/* and mattpocock/skills/* in Steps 2–3), which pulls and loads untrusted community code that the agent will execute and that can materially influence tool use and decisions.