guide-integrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Workflow step 2 explicitly instructs the agent to WebFetch the public index at https://camoa.github.io/dev-guides/llms.txt and then fetch topic and atomic guide pages from that public GitHub Pages site, meaning the agent will read untrusted third‑party web content and use it to drive architecture decisions and edits (allowing indirect instruction influence).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly WebFetches https://camoa.github.io/dev-guides/llms.txt at runtime and then fetches specific topic pages whose content is injected into the agent's context and used to drive decision-making, so the remote guides can directly control prompts/instructions.