get-api-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to run the chub CLI (e.g., "chub search" and "chub get ") to fetch and read external API documentation from public third‑party sources and then use that content to write code, so untrusted third‑party instructions could influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running the chub CLI (npm package @aisuite/chub, e.g. installed from https://registry.npmjs.org/@aisuite/chub) and using chub get to fetch remote documentation at runtime, and that fetched content is then read and used to generate the agent's responses, so external content directly controls prompts.