kairos-create-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly requires calling Context7 to fetch the public Agent Skills specification (https://agentskills.io/specification) in Step 2 and uses kairos_search results to pick and run protocols (Steps 1, 3–5), meaning the agent ingests external public web/search content that will be read and used to drive subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs at runtime to fetch the Agent Skills specification via Context7 from https://agentskills.io/specification and to use its contents to determine SKILL.md/protocol behavior, so remote content would directly influence the agent's prompts/instructions.