llms-txt-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Remote mode explicitly fetches and ingests public GitHub repository content (see "Remote mode" and the git clone example in PHASE 1 of SKILL.md), and those untrusted, user-authored docs are read and synthesized into sections that directly drive generation decisions, so third-party content can influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime fetches like "git clone --depth 1 ... https://github.com/{org}/{repo}.git" and uses the fetched repository/docs as the source material to build the model context and prompts, so external content from that URL can directly control the agent's instructions.