skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The SKILL.md's Step 1B (Domain Research) explicitly instructs the agent to use external MCP tools such as Context7, Social Toolkit MCP, SearchAPI MCP, and PerplexitySonarSearchTool to fetch and summarize open web/social media/documentation content, which the agent will read and use to shape the skill's instructions and decisions, exposing it to untrusted third-party, user-generated content that could carry indirect prompt injections.