prd-loader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly states the PRD source may be a URL and instructs the skill to use MCP web reader or the built-in WebFetch to load URL content, meaning arbitrary public/web user-generated pages will be fetched and read and can directly influence downstream actions like feature-name generation and PRD analysis.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly uses a WebFetch tool to fetch user-supplied HTTP(S) URLs at runtime and then injects that fetched PRD content into the agent’s context (controlling prompts), so user-supplied URLs like "http://..."/"https://..." are a runtime external dependency that can control the agent.