steedos-builder6-modules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Plugin System explicitly installs and requires third-party NPM packages specified via B6_PLUGIN_MODULES / B6_PLUGIN_PACKAGES (see "Plugin System" and "Installation Lifecycle"), which causes the agent to fetch and load arbitrary external packages whose code can change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs an npm install at startup to fetch plugin packages (from https://registry.npmjs.org/ or a custom registry via B6_PLUGIN_NPMRC) and then requires their dist/plugin.module.js, so remote code is fetched at runtime and executed as a required dependency.