hyperstack-build

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's DSL and workflow (references/dsl-reference.md and SKILL.md) explicitly include a URL resolver and a TokenMetadata resolver that fetch JSON from arbitrary HTTP endpoints and the DAS API (e.g., #[resolve(url = state.metadata_uri, extract = "image")] and #[resolve(from = "id.mint")]), so it ingests untrusted, third-party content (NFT metadata, external APIs, block explorers/GitHub IDLs) which is used to compute fields (like decimals → ui_amount) and therefore can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The prerequisites run remote installers (curl --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y and downloading https://win.rustup.rs/x86_64) which fetch and execute code at runtime, so these URLs constitute a high-risk remote-code execution dependency.