cli-skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs fetching and ingesting public, user-generated content — e.g., Step 3 "GitHub Repository Analysis" (git clone https://github.com//, mining issues/discussions) and Step 5 "Online Research" (Stack Overflow, Reddit, blogs, raw GitHub READMEs via curl) — so the agent will read and act on untrusted third‑party content that can influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains explicit runtime fetches of external repository content (e.g., "git clone --depth 1 https://github.com//" and "curl https://raw.githubusercontent.com/org/repo/main/README.md") that are intended to be loaded and used to build prompts/documentation, so remote content can directly control agent instructions.