skill-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's /meta-claude:skill:research phase explicitly runs automated firecrawl web scraping (saving results to docs/research/skills// and referencing GitHub/public pages in examples), and those ingested, user-generated/public web materials are formatted, read, and synthesized into SKILL.md as part of the required workflow—so untrusted third-party content can directly influence subsequent decisions and tool invocations.