cv-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses job descriptions from arbitrary URLs (see references/interfaces-integration.md "Standalone Quick Optimization: 1. Fetch job description from URL"), meaning it ingests untrusted public web content that the agent will read and interpret.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches a user-provided job description URL at runtime (the "Optimize my resume for this job posting: [URL]" flow) and uses the fetched content to extract keywords and directly drive generation prompts, so external content would control the agent's instructions.