docs-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and processes public llms.txt files and linked documentation (via context7.com URLs and WebFetch), and instructs launching Explorer/Researcher agents to read arbitrary external pages (including community sources like Stack Overflow/Reddit and GitHub repos), so untrusted third-party content is ingested and used to decide tool actions and agent distribution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The fetch-docs.js script explicitly performs runtime HTTPS GETs to context7.com (e.g. https://context7.com/{org}/{repo}/llms.txt and topic URLs like https://context7.com/shadcn-ui/ui/llms.txt?topic=date) and the returned llms.txt content is parsed and used to decide which URLs agents should fetch and how to prompt/distribute agents, so remote content from context7.com directly controls agent instructions and is a required runtime dependency.