testing-handbook-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The README and SKILL.md explicitly state the generator will locate or clone the Trail of Bits handbook (e.g., "clone from GitHub: https://github.com/trailofbits/testing-handbook" and "locate the handbook... or clone") and the workflow requires scanning that external handbook and using its content to plan and generate skills, meaning arbitrary public third‑party content would be fetched and interpreted at runtime and could influence the agent's subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The README explicitly says the skill may clone the handbook at runtime from https://github.com/trailofbits/testing-handbook, and those fetched files (e.g., agent-prompt.md and generation templates) are used by the generator to drive agent prompts/instructions, so this is a runtime external dependency that can directly control prompts.