app-studio-pro-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly instructs pro-code apps to load and execute public CDN-hosted scripts/import maps (e.g., https://unpkg.com/ryuu.js, importmap entries from https://esm.sh, and https://cdn.jsdelivr.net/...), which are open/public third-party resources fetched at runtime and thus can materially change app behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly loads and requires remote JavaScript at runtime (e.g., https://unpkg.com/ryuu.js and https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.min.js and importmap entries from https://esm.sh/react@18.2.0 and https://esm.sh/recharts@2.12.7), which fetch and execute remote code as required dependencies for the pro-code apps.