cli-printing-press-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and scrapes public third‑party websites/docs as part of its required Research and generation workflow (see SKILL.md: "Point at a website, captures traffic" and the primary command examples like "/printing-press " and "/printing-press https://postman.com/explore"), so untrusted web content is ingested and can materially influence generated CLIs and subsequent agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill exposes runtime commands that fetch and ingest external specs to drive generation (e.g., "/printing-press https://raw.githubusercontent.com/notion/openapi/main/spec.yaml"), so that remote content would be fetched at runtime and directly control the agent's prompts/code-generation behavior.