skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web searches and consult external public URLs as part of its required workflow (see create-pack.md Phase 1: "External Research: Use websearch..." and permissions-update.md's reference to a GitHub release URL), meaning untrusted public web content will be ingested and can influence subsequent tool use and decisions.