shadcn-vite-iconify-landing-page

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The create-new-static-website skill explicitly requires scaffolding from a public template ("npx gitpick instructa/astro-website-starter " in SKILL.md), which fetches and ingests untrusted, user-generated content from a public GitHub/npm source that the agent is expected to run/interpret and which can materially influence subsequent commands and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The codex-sandbox skill performs git clone/fetch against the repo remote (e.g., git@github.com:ORG/REPO.git or https://github.com/ORG/REPO.git) and the create-new-static-website flow runs an npx template (instructa/astro-website-starter — e.g. https://github.com/instructa/astro-website-starter), both of which fetch and execute remote code at runtime and are required for those skills to work, so they present a real remote-code-execution risk.