docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated/untrusted content (e.g., llms.txt and documentation via context7.com and fallback WebFetch/WebSearch, cloning GitHub repos with Repomix, and Researcher agents scraping Stack Overflow/Reddit) as required by the SKILL.md and WORKFLOWS.md, and those external pages are parsed and used to drive agent decisions and follow-up actions—creating a clear indirect prompt-injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly prioritizes and WebFetches runtime llms.txt files from context7.com (e.g., https://context7.com/vercel/next.js/llms.txt), and that fetched content is used to generate agent tasks and control what Explorer/Researcher agents read, so it is a runtime external dependency that directly controls agent instructions.