review-all

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md instructs running bunx @willbooster/agent-skills@latest review --agent all, which ingests and requires the agent to read and judge review comments produced by third-party LLM CLIs (Codex, Claude Code, Gemini CLI), meaning untrusted external content can directly influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "bunx @willbooster/agent-skills@latest", which fetches and executes remote npm package code at runtime (bunx @willbooster/agent-skills@latest), a required dependency that can directly control agent prompts and execute code.