cli-development

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's workflow (SKILL.md and README) explicitly requires fetching and reading live content from the public site https://clig.dev/llms.txt (via the tavily-extract skill or WebFetch) and using that fetched text to ground recommendations, so the agent will ingest and act upon third-party web content that could carry maliciously crafted instructions.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 11, 2026, 08:21 AM
Issues: 1