docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts (notably scripts/fetch-docs.js which HTTPS-fetches public context7.com llms.txt URLs, the SKILL.md Quick Start that says "Read URLs with WebFetch", and the repo-analysis workflow that performs web search and git clone) clearly ingest and act on open/public third‑party content (context7.com, discovered docs, GitHub, Stack Overflow, etc.), which can materially influence agent decisions and tool usage.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The fetch-docs.js script performs runtime HTTPS GETs to context7.com llms.txt URLs (e.g., https://context7.com/{org}/{repo}/llms.txt?topic={keyword}) and the returned llms.txt is parsed (and used by analyze-llms-txt and the workflow) to determine which URLs agents should fetch and how agents are instructed, so this external content directly controls agent behavior at runtime.