local-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs fetching and re-fetching documentation from public third-party sources (Context7 API and WebFetch/official websites like developer.wordpress.org or arbitrary URLs) and requires the agent to read and incorporate that content into local docs and decision flows (init/update/lookup), which could allow untrusted web content to influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime fetches (curl) to Context7 API endpoints (e.g., https://context7.com/api/v2/libs/search?libraryName=LIBRARY&query=TOPIC and https://context7.com/api/v2/context?libraryId=LIBRARY_ID&query=TOPIC&type=txt) which are retrieved at runtime and injected as documentation that the agent uses to guide its responses, so external content can directly influence prompts/instructions.