maintaining-core-documentation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Resource Ingestion Architecture and Ingestion CLI explicitly fetch and ingest untrusted, user-generated content from public sources (e.g., GitHub API, Medium RSS / archive, Dev.to) into Firestore, and the agent is documented to read those stored full Markdown bodies via the MCP get_document/search_portfolio tools as part of its workflow, so third‑party content can directly influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation workflow directs runtime execution of a remote package via "npx skills add https://github.com/shubhamsaboo/awesome-llm-apps --skill technical-writer -g -y", which fetches and installs remote code that can alter agent behavior/prompts and is presented as the required installation path when the local technical-writer skill is missing.