kuikly-ui-framework

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow in SKILL.md requires cloning/updating the public GitHub repository https://github.com/Tencent-TDS/KuiklyUI (via scripts/update-repository.sh and check-update.sh) into references/KuiklyUI and then reading files under references/KuiklyUI/docs/, so the agent routinely fetches and interprets open, third‑party repository content that can materially affect its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill’s runtime auto-update clones/pulls the external GitHub repository (https://github.com/Tencent-TDS/KuiklyUI and https://github.com/Tencent-TDS/KuiklyUI.git) and then requires the agent to read files from that repository as the authoritative source for generating prompts and code, so fetched remote content is used at runtime to directly control agent instructions.