opt-editor-install

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes a runtime AI streaming flow that fetches and ingests third-party model output (e.g., the fetch("/api/ai/editor") call in command/opt-editor-install.md and the Next.js API examples in references/fix-advanced.md that stream Anthropic/OpenAI SSE responses), parses SSE/NDJSON, and directly starts a stream that applies editor patches—meaning untrusted external model responses are read and can autonomously drive edits/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs runtime installs and registry lookups against https://npm.pkg.github.com (via .npmrc and npm/bun commands) to fetch @reopt-ai/opt-editor, and that package includes prompt-building/system-prompt code (e.g., buildEditorPrompt, catalog.prompt) which the skill uses at runtime to construct AI prompts, so the external registry URL is a required runtime dependency that directly controls prompts.