skill-authoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The references/generating-from-docs.md workflow explicitly instructs the agent to crawl and fetch documentation URLs from public websites (via agent-skills-generator or manual curl), ingest the crawled content into .skillscache/, and use that content to generate skill files — meaning untrusted third‑party web content is read and can materially influence generated skill behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The "references/generating-from-docs.md" workflow explicitly instructs fetching remote documentation at runtime (e.g., crawling patterns like "https://docs.example.com/guide/*" via the generator or manual curl) and then injecting the crawled content into generated SKILL.md, meaning external URLs are used at runtime to supply instructions that directly control agent prompts.