project-documentation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory "Technical Writer Skill Synergy" in SKILL.md instructs checking for and optionally installing a technical-writer skill via an npx install from a GitHub URL (npx skills add https://github.com/...), and the referenced docs (references/samples/README.md and architecture docs) explicitly describe ingestion connectors that fetch content from public, user-generated sources (GitHub, Medium, Dev.to) which the agent/tooling ingests and uses as part of its workflow—exposing the agent to untrusted third-party content that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs installing and loading a remote skill at runtime via npx from https://github.com/shubhamsaboo/awesome-llm-apps --skill technical-writer (npx will fetch and execute remote package code which the agent then loads to control its documentation behaviour), so this URL is a runtime external dependency that can execute code and influence prompts/instructions.