doom-doc-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly downloads and runs third-party tooling from public GitHub releases via scripts/setup.sh and instructs searching/reading open-source reference repositories (see Phase 2.6 "bash scripts/setup.sh" and the RAG "Open-source reference repositories" guidance), which exposes the agent to untrusted public content that it must ingest and act on (e.g., gating YAML validation and influencing document generation decisions).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's setup script (scripts/setup.sh) is invoked at runtime to install tooling and downloads/executes a binary from GitHub (e.g. https://github.com/yannh/kubeconform/releases/latest/download/kubeconform-${OS}-${ARCH}.tar.gz and its CHECKSUMS URL), which fetches remote executable code the skill relies on for YAML validation.