testing-handbook-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The README explicitly says the generator will "locate the handbook (check common locations, ask user, or clone)" and as a last resort "clone from GitHub: https://github.com/trailofbits/testing-handbook", and it then "scan[s] the handbook structure" to generate skills—so the agent fetches and interprets public third‑party content which can influence downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The README explicitly says the meta-skill may clone the handbook at runtime as a last resort (git clone https://github.com/trailofbits/testing-handbook), meaning remote repository content would be fetched during skill runtime and used to drive the generator's prompts/instructions—so this URL is a runtime dependency that can directly control agent behavior.