command-skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required design patterns (references/design-patterns.md, Pattern 3: "Parallel Research" and related examples) explicitly instruct spawning research agents to gather package analysis, community recommendations, download trends, and known vulnerabilities from external sources—clearly calling for ingestion of open/public, user-generated web content that will influence dependency-selection and install decisions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The prompt is a meta-template for building side-effecting "command" skills (deploys, file mutations, cross-repo operations) which can change machine state, but it explicitly instructs safety controls (disable-model-invocation, approval gates, no hardcoded absolute paths) and does not request sudo, system-level edits, user creation, or bypassing security mechanisms itself.