skill-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly auto-generates skills from arbitrary documentation URLs (e.g., the /docs-to-skill usage and the call to mcp__firecrawl__firecrawl_agent with urls=[target_url]) which causes the agent to fetch and extract content from public third‑party websites, so it will read and interpret untrusted web content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the Firecrawl MCP agent (referenced at https://firecrawl.dev / mcp__firecrawl__firecrawl_agent) to fetch arbitrary documentation URLs at runtime (e.g., https://docs.example.com, https://docs.stripe.com) and uses that fetched content directly as the extraction prompt/input to generate SKILL.md, so the external URLs and the Firecrawl agent are runtime dependencies that directly control prompts/instructions.