ai-shifu-course-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required deployment and CLI workflows (SKILL.md Deployment / references/cli/cli-reference.md and the scripts/shifu-cli.py client) read and import course_prompt and teaching_prompt content from the external AI‑Shifu platform (https://app.ai-shifu.cn) — user-generated course/lesson data that the agent is expected to ingest and that can become system/course prompts or drive generation and deployment decisions, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's CLI and deployment workflow make runtime API calls to the platform at https://app.ai-shifu.cn (DEFAULT_BASE_URL) to fetch/import course data and MarkdownFlow content (including course prompts/system_prompt) which directly control agent prompts and are required for deployment, so this external URL is a runtime dependency that can control prompts.