core-dynamic-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's inline workflow explicitly fetches and extracts content from public docs.rs pages using agent-browser/WebFetch (see "Step 3: Generate Missing Skills" with agent-browser open "https://docs.rs/{crate}/..."), meaning untrusted third-party crate documentation is ingested and used to generate skills that can influence subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runtime explicitly fetches documentation via agent-browser/WebFetch from https://docs.rs/{crate}/latest/{crate}/ and saves that content into generated SKILL.md and reference files that are used as the agent's skill prompts, so external docs.rs content directly controls prompts at runtime.