peaks-sdd
Warn
Audited by Snyk on May 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required initialization workflow (Step 0.8 "Install Skills", which runs npx skills add from many GitHub URLs) and its Step 0.7 MCP configuration (including websearch/fetch/context7 MCPs and browser-use/browser MCPs) explicitly fetch and load public third-party resources (GitHub repos, websearch/fetch results, Figma MCP, etc.) that are untrusted/user-generated and are incorporated into the agents' runtime behavior, so external content could materially influence tool selection and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs runtime installs like "npx skills add https://github.com/obra/superpowers" which fetches and links remote repository code (a Skill) that can execute and/or control agent prompts at runtime, making https://github.com/obra/superpowers a high-confidence risky external dependency.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata