api-doc-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to use WebFetch to retrieve and parse API documentation from the public site https://effect-ts.github.io/effect/, so the agent will read and act on externally-hosted documentation that can influence its behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues WebFetch at runtime to fetch documentation (e.g., https://effect-ts.github.io/effect/effect/Effect.ts.html) and injects that remote content into prompts to control the agent's responses, which the skill relies on for correct operation.