ai-shifu-course-creator
Warn
Audited by Snyk on Apr 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's runtime workflows and CLI explicitly fetch and ingest user-authored course content (lesson MarkdownFlow and course/system prompts) from the AI‑Shifu platform via API endpoints (e.g., cmd_show /api/shifu… to read lesson mdflow and SKILL.md Phase 5 guidance to "use show <shifu_bid> … check each lesson's MarkdownFlow content"), so untrusted user-generated course content is read and can materially influence subsequent tool actions and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The included CLI script performs runtime API calls to the AI‑Shifu platform (e.g. https://app.ai-shifu.cn and https://app.ai-shifu.com) to fetch and push MarkdownFlow lessons and system_prompt content—which directly control teaching prompts/instructions—and the deployment flows depend on those endpoints, so they are high-risk external runtime dependencies.
Issues (2)
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).