lib-docs-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and crawls public third-party documentation (e.g., WebFetch(url="https://example.com/llms.txt"), curl https://example.com/sitemap.xml and WebFetch of collected docs URLs in Phase 1/1.5/2, and it reads those pages at runtime to extract titles, code examples, and API info), so it ingests untrusted external web content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs WebFetch/curl at runtime to pull external documentation files (e.g., WebFetch(url="https://docs.expo.dev/llms.txt", prompt="...") or arbitrary doc pages) and then injects that fetched content into the agent workflow to generate SKILL.md and responses, meaning remote content directly controls prompts and is a required runtime dependency.