aislop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core workflow explicitly instructs running npx aislop which may fetch the published package from the public npm registry (see "Remote execution guardrails" and the many example npx aislop commands in SKILL.md), and the agent is expected to parse and act on that CLI output — meaning untrusted third-party code/output from npm can directly influence edits and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly instructs running "npx aislop" at runtime, which will fetch and execute the package from the npm registry (e.g. https://registry.npmjs.org/aislop or https://www.npmjs.com/package/aislop), so it relies on and executes remote code fetched at runtime.