NYC

day2-create-context-sync-skill

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and ingests untrusted user-generated content (Slack messages, Gmail emails, Notion pages, etc.) as part of its workflow (see templates/context-sync.md and Block 3/4 execution steps) and also fetches public third‑party content from GitHub (scripts/mcp_servers.py downloads a README from raw.githubusercontent.com), creating clear exposure to indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The scripts/mcp_servers.py tool is invoked at runtime to fetch and parse the live README at https://raw.githubusercontent.com/modelcontextprotocol/servers/main/README.md to determine MCP server/package selections and generate .mcp.json config, meaning externally hosted content directly influences which packages/commands the skill will register or suggest.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:12 PM