rules-lawyer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly scrapes and downloads public third-party content — e.g., the SKILL.md's "download-rules" step that scrapes the Comprehensive Rules landing page for MagicCompRules*.txt and the "download-bulk"/"rulings-lookup" steps that fetch Scryfall bulk data — and the agent is required to read and act on that fetched text to produce rule-cited answers, so external content can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's setup requires running download-rules, which at runtime scrapes the Comprehensive Rules landing page to fetch the MagicCompRules*.txt download URL (the external "MagicCompRules*.txt" download link) and then uses that downloaded CR text verbatim to construct and cite answers, so the fetched remote file directly controls the agent's prompts/outputs.