steedos-builder6-config

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly allows loading arbitrary third‑party code and assets (e.g., B6_PLUGIN_PACKAGES / B6_PLUGIN_MODULES with a custom B6_PLUGIN_NPMRC for npm packages, and B6_UNPKG_URL for CDN assets like https://unpkg.com), meaning the runtime can fetch and ingest untrusted user‑provided content that could alter behavior.