create-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs spawning Explore agents that WebFetch public URLs (e.g., Phase 0: "WebFetch https://agentskills.io/what-are-skills.md" and Phase 2: "WebFetch https://skills.sh" and raw GitHub URLs) and holds those fetched, user/public web contents in context to drive planning and decisions, so untrusted third‑party content can materially influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime WebFetches of external docs (e.g., https://agentskills.io/what-are-skills.md, https://agentskills.io/specification.md, https://platform.claude.com/docs/skills/best-practices.md, and https://raw.githubusercontent.com/anthropics/skills/main/skills/skill-creator/SKILL.md) that are required in Phase 0 and are loaded into the agent context to directly drive prompts/instructions.