inject-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow explicitly fetches and ingests public third-party documentation (e.g., "downloads version-matching documentation from Vercel's servers" for Next.js via the npx codemod and "fetch the README from zhanymkanov/fastapi-best-practices" from GitHub) and then reads and injects that content into the project's CLAUDE.md, which can materially influence subsequent agent behavior—creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and injects external documentation at runtime—e.g., it fetches the FastAPI README from https://github.com/zhanymkanov/fastapi-best-practices and runs npx @next/codemod@canary (which downloads/executes code from Vercel servers) — these remote fetches are required by the skill and the fetched content is injected into project docs where it can directly influence agent behavior.