create-master

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs real-time RAG and content ingestion from the public FoJin/CBETA/BDRC/SuttaCentral ecosystem (see SKILL.md Step 2 "使用 ${CLAUDE_SKILL_DIR}/tools/sutra_collector.py", the tools fojin_bridge.py and rag_query.py, and Step 3's RAG instructions embedded into runtime rules), so it fetches and interprets open third‑party texts which can materially influence generation and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime retrieval from the FoJin service (e.g., https://fojin.app used via tools/fojin_bridge.py, rag_query.py and sutra_collector.py) to fetch texts that are embedded into model prompts/RAG context, so external content from that URL directly influences prompts at runtime.