xmake-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning the public GitHub repository (git clone https://github.com/xmake-io/xmake.git) and configuring XMAKE_PROGRAM_DIR / running xmake l to load and execute the checkout's Lua scripts, so untrusted third‑party repository content is fetched and can directly influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs cloning and building the repository at https://github.com/xmake-io/xmake.git (via "git clone --recursive https://github.com/xmake-io/xmake.git" and subsequent ./configure && make and running the built binary), which fetches remote code that is then built and executed, so this external URL is a runtime dependency that can execute remote code.