local-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and re-fetches documentation from open third-party sources (Context7 API via curl or MCP tools and arbitrary WebFetch URLs such as developer.wordpress.org or other public sites referenced in file headers) and the agent is expected to read and incorporate that externally fetched content into its workflows (init/update/lookup/save), exposing it to untrusted public content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly re-fetches documentation at runtime from Context7 endpoints (e.g. https://context7.com/api/v2/context?libraryId=LIBRARY_ID&query=TOPIC&type=txt and the related search URL) and injects that fetched content into the agent’s context to drive prompt outputs and generate saved docs, so remote content can directly control agent behavior.