cursor-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly requires running scrape scripts (scripts/core/scrape_docs.py) to fetch and ingest documentation from configured llms.txt sources (e.g., https://cursor.com/llms.txt and other public URLs), so the agent will read public web content that can influence indexing and subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime scraping scripts explicitly fetch remote markdown from https://cursor.com/llms.txt (and related cursor.com doc URLs) and ingest those documents into the index/model context used to answer queries, so external content fetched at runtime can directly influence agent prompts and behavior.